Clorox Co Takes Systems Offline After Discovering Cybersecurity Breach

The Clorox Company (NYSE: CLX) disclosed on August 14, 2023 that it took certain systems offline following a cybersecurity breach. The manufacturing behemoth, which reported annual revenue of more than $7.3 billion for the year ending June 30, 2023, is known for its staple bleach, but its portfolio includes many other cleaning and personal care brands and products.

In an 8-K filing with the U.S. Securities and Exchange Commission on August 14, 2023, the company announced the discovery of “unauthorized activity on some of its Information Technology (IT) systems.”

After discovering the cybersecurity breach, Clorox “began taking steps to stop and remediate the activity, including taking certain systems offline.” While the company’s business continuity plans included “workarounds for certain offline operations,” the incident is disrupting “parts of the Company’s business operations.”

Clorox “engaged leading third-party cybersecurity experts to support its investigation and recovery efforts.”

In a 10-K Annual Report for the year ending June 30, 2023 filed just four days earlier on August 10, 2023, the company included a section related to operational risks titled, “Failure of key technology systems, cyber-attacks, privacy breaches or data breaches could have a material adverse effect on the Company’s business, financial condition, results of operations, and reputation.”

Interestingly, the company seemed to correlate an increase in the number of cyberattacks with the shift to a “hybrid working model under which employees will continue working remotely and accessing its technology infrastructure remotely,” while also stating that, “To date, the Company is not aware that its business or operations have been materially impacted by these cyberattacks.”

To date, the Company is not aware that its business or operations have been materially impacted by these cyberattacks. However, the Company’s security efforts and the efforts of its third-party providers may not prevent or timely detect attacks and resulting breaches or breakdowns of the Company’s, or its third-party service providers’, databases or systems. In addition, if the Company or its third-party providers are unable to effectively resolve such breaches or breakdowns on a timely basis, the Company may experience interruptions in its ability to manage or conduct business, as well as reputational harm, governmental fines, penalties, regulatory proceedings, and litigation and remediation expenses. In addition, such incidents could result in unauthorized disclosure and misuse of material confidential information, including personal information.
The Clorox Company 10-K Annual Report for YE 2023.06.30, filed on 2023.08.10

The manufacturing sector continues to be among the top targets for threat actors, along with healthcare and education.

Clorox is coordinating its investigative and recovery expert with law enforcement authorities. The investigation into the cybersecurity breach remains ongoing at this time.

Full quote from 8-K filing on August 14, 2023:

The Clorox Company (the “Company” or “Clorox”) has identified unauthorized activity on some of its Information Technology (IT) systems. After becoming aware of the activity, the Company began taking steps to stop and remediate the activity, including taking certain systems offline. The Company is working diligently to respond to and address this issue, and is also coordinating with law enforcement. To the extent possible, and in line with its business continuity plans, Clorox has implemented workarounds for certain offline operations in order to continue servicing its customers. However, the incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations.

Clorox has engaged leading third-party cybersecurity experts to support its investigation and recovery efforts. The investigation to assess the nature and scope of the incident remains ongoing and is in its early stages.
8-K Filing on 2023.08.14
Tweet