Clorox’s $49 Million Response to the September 2023 Cybersecurity Breach

Clorox, an American manufacturer of household chemicals and professional cleaning agents, was subjected to an extortion attack during the summer, resulting in significant disruptions in supplies and order processing.

The incident occurred on August 11, 2023. In reports submitted to the U.S. Securities and Exchange Commission, Clorox disclosed that by the end of 2023, expenses related to the aftermath amounted to $49 million. These funds were primarily expended on engaging third-party experts – IT recovery specialists, forensic analysts, legal professionals, and other consultants who aided in the investigation.

While the recovery process is ongoing, Clorox’s leadership assured that they are diligently addressing the issue and anticipate a gradual reduction in expenditures.

“Our second quarter results reflect strong execution on our recovery plan from the August cyberattack,” commented Linda Rendle, Chairman of the Board and CEO of Clorox, in an 8-K report.

“We are rebuilding retailer inventories ahead of schedule, enabling us to return to merchandising and restore distribution. While there is still more work to do, we’re focused on executing with excellence in what remains a challenging environment to drive top-line growth and rebuild margin.”

Unconfirmed information suggests that the attack may have been carried out by the hacker group Scattered Spider, known for infiltrating major companies through social engineering methods. Previously, they targeted giants like MGM, Caesars, and Reddit. Scattered Spider is known to collaborate with the BlackCat group.

Clorox is a sizable player as well, employing 8,700 personnel, with an annual revenue of nearly $7.5 billion in 2023.