Clorox says cyberattack caused $49 million in expenses

Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident.

Clorox is an American manufacturer of consumer and professional cleaning products with 8,700 employees and almost $7.5 billion in revenue for 2023.

On August 11th, Clorox suffered a cyberattack that caused significant disruption in the company's operation, leading to lowered production and decreased availability of consumer products.

In an earnings report filed with the SEC on Thursday, Clorox disclosed it incurred $49 million in expenses related to the cyberattack by the end of 2023.

"The costs incurred relate primarily to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the Company's business operations," reads the Clorox 2024 Q2 Quarterly report.

The company has acknowledged that they are still working to recover from the attack but expects to incur lessening costs related to the cyberattack in the future.

"Our second quarter results reflect strong execution on our recovery plan from the August cyberattack," said Clorox Chair and CEO Linda Rendle in an 8-K filing.

"We are rebuilding retailer inventories ahead of schedule, enabling us to return to merchandising and restore distribution. While there is still more work to do, we're focused on executing with excellence in what remains a challenging environment to drive top-line growth and rebuild margin."

Johnson Controls International also confirmed this week that a September 2023 ransomware attack cost the company $27 million in expenses, leading to a data breach after hackers stole corporate data.

Attack linked to Scattered Spider

While Clorox has not provided many details about their attack, Bloomberg reported that it is believed to have been conducted by the hacker collective known as Scattered Spider.

Scattered Spider is a loose-knit group of threat actors, many of them English-speaking, who specialize in social engineering attacks to breach a company's networks.

What makes Scattered Spider so unusual is they are also affiliates of the BlackCat/ALPHV ransomware gang, who usually only work with Russian-speaking threat actors.

Scattered Spider has been previously linked to attacks on MGM, Caesars, DoorDash, and Reddit.