Clorox estimates the costs of the August cyberattack will exceed $49 Million

Pierluigi Paganini February 03, 2024

Cleaning products giant Clorox estimates the economic impact of the cyber attack that hit the company in August 2023 at $49 million.

The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products.

The cleaning product giant announced in mid-August it was the victim of a cybersecurity incident that forced it to take some systems offline.

At this time, Clorox has yet to share technical details of the cyberattack. The described impacts suggest that the company was likely a ransomware attack.

According to a filing with SEC, Clorox estimates the economic impact of the cyber attack that hit the company in August 2023 at $49 million.

The costs include losses caused by disruptions, as well as expenses for third-party forensics and consultants assisting the company in investigating and remediating the attack.

The company also expects a negative on the fiscal year 2024 results.

“The effects of the cyberattack are expected to negatively impact fiscal year 2024 results, though some of the anticipated net sales not recognized in the first quarter as a result of the disruptions were recognized in the second quarter, and some are expected to be recognized in subsequent quarters of fiscal year 2024 as customers rebuild inventories.” reads the SEC filing. “The Company also incurred incremental expenses of approximately $25 and $49 as a result of the cyberattack for the three and six months ended December 31, 2023, respectively. These costs relate to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the Company’s business operations. The Company expects to incur lessening costs related to the cyberattack in future periods.”

The company added that it did not record any insurance proceeds in the three and six months ending on December 31, 2023, associated with the cyberattack. The recognition of insurance recoveries, if applicable, may not align with the timing of recognizing the associated expenses.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Clorox)

you might also like

leave a comment