Clorox takes servers offline, notifies law enforcement after ‘unauthorized activity’

Cleaning product giant Clorox announced a cybersecurity incident this week that forced it to take several systems offline.

The company – which reported more than $7 billion in earnings in 2022 through its namesake cleaning product and several others like Pine Sol, Burt’s Bees and more – reported the incident in regulatory filings with the U.S. Securities and Exchange Commission (SEC) Monday.

“The Clorox Company has identified unauthorized activity on some of its Information Technology (IT) systems. After becoming aware of the activity, the Company began taking steps to stop and remediate the activity, including taking certain systems offline,” the company said in an 8-K filing.

“The Company is working diligently to respond to and address this issue, and is also coordinating with law enforcement. To the extent possible, and in line with its business continuity plans, Clorox has implemented workarounds for certain offline operations in order to continue servicing its customers.”

The company warned that the cyber incident is causing “disruption to parts of the Company’s business operations” and has forced them to hire a cybersecurity firm to help with the recovery. Their investigation into the incident is “ongoing and is in its early stages.”

Clorox did not immediately respond to requests for comment.

In its annual 10-K report filed with the SEC last week, the company warned that its increasing reliance on an array of technology left it exposed to potential disruptions caused by cyberattacks.

Both its informational and operational technology systems may be “vulnerable to …ransomware, unauthorized access attempts, business email compromise, cyber extortion, denial of service attacks, phishing, social engineering, hacking and other cyberattacks attempting to exploit vulnerabilities,” it said.

The company noted it has seen “an increase in the number of such attacks” since shifting to a remote work model.

Manufacturing companies continue to face an endless barrage of attacks, with dozens of high profile corporations announcing incidents in recent weeks including mattress giant Tempur Sealy.

Researchers at Akamai said last week they saw a 42% increase in total manufacturing industry victims between Q4 2021 and Q4 2022, outpacing all other industries. Comparitech said based on their data, the 478 ransomware attacks on manufacturing companies from 2018 to July 2023 caused an estimated $46.2 billion in losses from downtime.