Clorox Forecasts Quarterly Deficit Due to August Cyber incident and Manufacturing Hold-ups
Clorox, a leading manufacturer of commercial and consumer goods, has suffered a significant financial loss due to a cyberattack that occurred in 2023. The attack, which was traced back to the hacking group "Scattered Spider," caused order processing delays and product shortages, leading to an estimated $380 million in combined damages[1].
The cybercriminal responsible for the attack exploited a weak verification system at Cognizant, Clorox's IT service provider. The service desk allegedly granted password reset access to the cybercriminal impersonating a Clorox employee without proper identity verification[1][2].
The attack resulted in significant supply chain disruptions and revenue losses for Clorox. The company initially estimated mid single-digit growth for organic sales, but organic sales for the quarter ending September 30, 2023, are expected to decrease by 21% to 26% year over year[2].
Clorox anticipates a financial loss in the first quarter of fiscal 2024, with adjusted earnings per share expected to range between break-even to a loss of 40 cents a share[2]. The company has since taken legal action against Cognizant for negligence and botched incident response[1][2].
The disruption started in August 2023 and the ripple effects were felt into Q1 2024. While exact dates have not been publicly detailed, the company is still addressing remediation costs and operational recovery through 2024[1][2].
Scattered Spider, the hacking group responsible for the attack, has been notably active in cyberattacks on various industries since 2023. The group employs ransomware-as-a-service and social engineering tactics, causing substantial disruptions in the industrial and manufacturing sectors[3][4].
This incident highlights the risks related to third-party IT service providers and the rising threat of sophisticated social engineering-based cyberattacks on industrial and manufacturing sectors. Katell Thielemann, a distinguished VP analyst at Gartner, emphasized the importance of securing cyber-physical systems for companies that produce goods[5].
Clorox is a well-known brand, providing a range of products including Clorox bleach, Pine-Sol, Burt's Bees, and Fresh Step cat litter. The company resumed normal order processing and later factory operations in late September after weeks of production delays[2].
As Clorox begins to restock retailer inventory, the company will benefit somewhat from the cyberattack. However, the operational strain of the attack will continue during the fiscal second quarter, but to a lesser extent[2]. The impact of the attack will outweigh the benefits of pricing, supply chain optimization, and cost savings[2].
The estimate includes charges related to the cyberattack and long-term strategic investments for enhanced productivity and digitalization[2]. Scattered Spider is reported to work with another group called AlphV/Black Cat[3]. The group is also linked to the MGM Resorts and Caesars Entertainment hacks in Las Vegas[6].
References:
- Clorox Sues Cognizant Over 2023 Cyberattack
- Clorox Q1 2024 Earnings Preview
- Scattered Spider and AlphV/Black Cat: A New Ransomware Duo to Watch
- Scattered Spider's Attack on Clorox Highlights Supply Chain Disruptions
- Gartner: Securing Cyber-Physical Systems Critical for Companies that Produce Goods
- Las Vegas Casino Attacks Facilitated through Social Engineering Techniques
- The cyberattack on Clorox in 2023, carried out by the hacking group Scattered Spider, not only caused significant financial losses in the business sector, but also highlighted the rising threat of sophisticated social engineering-based cyberattacks on industrial and manufacturing sectors.
- The cyberattack on Clorox, which disrupted their supply chain and led to a financial loss, underscores the importance of cybersecurity in the finance sector, particularly in the context of third-party IT service providers.
