Cleaning product giant Clorox said in a regulatory filing on Monday that it's reeling from a cyberattack that's been affecting the company since August, disrupting operations and likely hitting its quarterly earnings.
Clorox said in the Securities and Exchange Commission filing that it "identified unauthorized activity on some of its information technology systems" on Aug. 14, and has been working to remedy the situation ever since by initiating "manual ordering and processing procedures" and reducing its production.
However, "due to the order processing delays and elevated level of product outages, the company now believes the impact will be material on Q1 financial results," the SEC filing said.
Clorox is currently in the first quarter of its 2024 fiscal year, which began on July 1.
The Oakland, Calif.-based bleach brand reported strong earnings for the fourth quarter of 2023 last month, including a 12% increase in overall sales, to $2 billion - a sharp increase compared to flat sales in the year-ago quarter, which the company attributed to a "favorable price mix" of its array of household staples.
For 2024, Clorox expects net sales to rise as much as 2% year over year, buoyed by "supply chain optimization," the company said in its latest earnings report, though this outlook may change following the month-long cyberattack.
"Clorox is still evaluating the extent of the financial and business impact" the cybersecurity attack had, it added in the SEC filing.
It's the first time Clorox has revealed the extend of the digital attack since it was first noted last month. "The cybersecurity attack damaged portions of the Company's IT infrastructure, which caused wide-scale disruption of Clorox's operations," the Pine Sol-maker said, noting that it "believes the unauthorized activity is contained."
More specific details on the cyberattack - including who was behind it - were not revealed in the SEC filing.
As of Sept. 25, Clorox "expects to begin the process of transitioning back to normal automated order processing."
The company has already resumed smaller-scale production of its cleaning products, with expectations to "ramp up to full production over time."
"At this time, the company cannot estimate how long it will take to resume fully normalized operations."
When The Post sought comment from Clorox - which owns brands like Burt's Bees, Brita and Glad - a company spokesperson pointed to an update on its site, which said Clorox "is continuing to operate at a lower rate of processing."
In the early hours of trading on Monday, Clorox's share price was down nearly 2%, to $143.53.
Clorox isn't the only company struggling to recover from a cyberattack.
Just last week, MGM staffers at the hotel operator's 12 hotels on the Las Vegas Strip were wasting no time in handing out $25 vouchers to quell guests who were frustrated that many of the hotel casino's slot machines were silenced following a "cybersecurity issue."
As of Friday, many gaming machines at the MGM-operated Aria hotel showed blacked-out screens displaying an "out of service" message, while over in the lobby, a long line stretched at the reception desk.
An update shared to the company site said that as of Monday, MGM Resorts was still being affected by a cybersecurity issue, though its website and mobile app are operating.
Meanwhile, Caesars Entertainment on Thursday reportedly paid roughly $15 million in an attempt to placate hackers who threatened to leak the sensitive customer data stolen during a summer cyberattack.
Caesars admitted that the hackers breached its systems through a "social engineering attack on an outsourced IT support vendor," according to a regulatory filing.
themes: California Las Vegas
Clorox products may be in short supply following cyberattack, company warns
If Clorox products seem harder to come by these days, you can thank hackers.
The bleach and household cleaners manufacturer said in a statement on its website Monday that it is "continuing to operate at a lower rate of processing," as a result of the recent cyberattack that damaged portions of the company's IT infrastructure. The breach, which occurred last month, disrupted operations as the company "took certain systems offline" as a security measure.
"We expect the ramp-up to full production to occur over time but do not yet have an estimate for how long it will take to resume fully normalized operations," the company said. In the meantime, the company will continue to process orders manually as it reintegrates its systems that were taken offline during the attack, according to the statement.
The transition back to automated order processing will take place beginning the week of September 25, the company said, adding that production had already resumed at a "vast majority" of its manufacturing sites.
Clorox also owns brands Burt's Bees, Pine SOL and Fresh Step, but it's unclear whether its output of those products has also been affected by the attack.
Clorox did not immediately return CBS MoneyWatch's request for comment.Hackers target major companies
..... Last week, a group of hackers exploited MGM Resorts' systems, stealing Social Security numbers and driver's license numbers from a "significant number" of loyalty program customers of Caesars Entertainment, the hospitality and casino giant said. The ransom attack also targeted the resort's operations, with hotel guests reporting they couldn't access their rooms with their digital keys or make room charges. As a result, the hotel owner has lost between roughly $4 and $8 million per day, the Las Vegas Review-Journal reported.
This latest hack may also have an impact on Clorox's first-quarter financial results, the company said in an SEC filing. The company's stock dipped roughly 2% by the time the market closed on Monday.
Clorox products in short supply due to cyberattack
In a recent statement on its website, Clorox, the bleach and household cleaners manufacturer, revealed that it has been operating at a lower rate of processing due to a cyberattack that occurred last month. The company took certain systems offline as a security measure, resulting in disrupted operations. Clorox stated that it expects to resume fully normalized operations over time, but no estimate has been provided for how long this will take. In the meantime, the company will continue to manually process orders as it reintegrates its systems. Automated order processing is set to resume the week of September 25. Clorox has already resumed production at the majority of its manufacturing sites. .....
Clorox is not the only company facing the consequences of a cyberattack. ..... The attack also targeted the resort's operations, with guests reporting issues accessing their rooms and making room charges. As a result, the hotel owner has been losing between $4 and $8 million per day. The impact of this recent hack may also affect Clorox's financial results for the first quarter, according to a filing made with the SEC. Clorox's stock dipped around 2% by the end of the trading day on Monday.
Clorox disclosed further details about the cyberattack in its SEC filing. The company discovered unauthorized activity on some of its information technology systems on August 14 and has been working to address the situation since then. Clorox implemented manual ordering and processing procedures and reduced its production as a result of order processing delays and product outages. The company now believes that the impact of the cyberattack will be material on its first-quarter financial results. Clorox had previously reported strong earnings for the fourth quarter of 2023, with a 12% increase in overall sales compared to the previous year. However, the company's outlook for 2024 may change due to the cyberattack's impact on their supply chain optimization plans.
Clorox has not provided specific details about the cyberattack or the responsible party. The company expects to transition back to normal automated order processing starting on September 25. Smaller-scale production has already resumed, and Clorox aims to ramp up to full production over time. When contacted for comment, a company spokesperson directed reporters to an update on Clorox's website, which stated that the company is still operating at a lower rate of processing.
..... The company's struggle to recover from the cyberattack is not unique, as MGM Resorts has also faced similar issues. Guests at MGM's hotels on the Las Vegas Strip were frustrated when many of the hotel casino's slot machines were silenced due to a cybersecurity issue. MGM Resorts' website and mobile app are still affected by a cybersecurity issue as of the most recent update. Additionally, Caesars Entertainment reportedly paid approximately $15 million to hackers who threatened to leak sensitive customer data following a cyberattack. Caesars acknowledged that the breach occurred through a social engineering attack on an outsourced IT support vendor.