Product shortages and worse first quarter results than expected seem to be forthcoming for the world’s most recognizable bleach brand. The Clorox cyber attack that took place in mid-August caused a substantial ongoing disruption throughout the company, according to a recent SEC filing.
Clorox expects for it to be some time before it fully recovers, and says that it cannot predict long-term financial consequences beyond the 2024 first quarter. There is no specific word yet on what products might disappear from shelves in the coming months, but the company has been struggling to restore reserve stock of items that sold more heavily than usual during the pandemic (such as surface cleaning wipes).
Few details of Clorox cyber attack included with mandatory SEC filing
The Clorox cyber attack has been something of a mystery since it happened, with no word yet on what criminal group might be responsible or confirmation of ransomware being deployed. The SEC filing, required when a company discovers a likely material impact that could alter investor expectations, continues to keep details as thin as possible. The scanty information about first quarter results and product shortages is about all that was new with the announcement.
Ransomware is speculative, but an increasingly well-founded theory given the apparent extent of disruption and how long it is taking the company to fully recover from the cyber attack. The circumstances point to Clorox refusing a ransom payment and having to restore everything from backups, though if that is the case it is odd that no mention of the attack has yet surfaced on the dark web.
There is also nothing but speculation about how the cyber attack started at this point, but social engineering is back in the news after both MGM and Caesars fell to the same attackers using the same approach in short order. Organizations must not only keep up on security patching and log review, but also employee training, authentication policies, incident response, and regular backups as the final backstop if all of the above fails.
Unclear exactly what product shortages, negative impact on first quarter results will look like
The biggest impact that Clorox has revealed to the public thus far is that it has had to switch to manual processing of at least some of its orders. However, it has also said that it expects to have the automatic order processing system fully restored by the end of this week, so it is not likely this aspect will have a substantial impact on the first quarter results or contribute to product shortages. The company has also said that it believes the cyber attack is contained at this point and that it is devoting all resources to recovery.
However, it did add that “full operation” will not be restored for an unknown amount of time. This is apparently where the first quarter results impact and potential product shortages spring from, though as with all other aspects of this cyber attack, details remain thin.
The impacts and product shortages may not be limited to the Clorox band. Clorox has become a conglomerate that owns over a dozen well-known brands commonly found on store shelves; primarily other cleaning products such as Pine-Sol and Liquid-Plumr, but it is also in the HBA market with Burt’s Bees and foods with Hidden Valley Ranch and Kingsford. It is also the owner of the Brita water filter company.