In a recent disclosure, Clorox, a leading household cleaning product manufacturer, reported a major cybersecurity breach that prompted the company to temporarily shut down several of its IT systems. The announcement was made through a regulatory filing with the U.S. Securities and Exchange Commission (SEC) on Monday.
“The Clorox Company has identified unauthorized activity on some of its Information Technology (IT) systems,” reads the filing. “After becoming aware of the activity, the Company began taking steps to stop and remediate the activity, including taking certain systems offline.”
A spokesperson for Clorox mentioned in an email that while the company is “working diligently to respond to and address this issue, these systems will remain offline out of an abundance of caution.” The spokesperson further added that some operations are temporarily impaired, but the company is “implementing workarounds where possible” to ensure minimal disruption.
While the exact nature and extent of the cyberattack remain under investigation, Clorox has engaged leading third-party cybersecurity experts to assist in recovery efforts. Additionally, law enforcement agencies are actively investigating the incident.
Interestingly, Clorox had previously acknowledged its vulnerability to cyber threats in a recent 10-K report with the SEC.
“The Company’s information and operational technology systems and its third-party providers’ systems, have been, and will likely continue to be, subject to cyber-threats such as computer viruses or other malicious codes, ransomware, unauthorized access attempts, business email compromise, cyber extortion, denial of service attacks, phishing, social engineering, hacking and other cyberattacks attempting to exploit vulnerabilities,” the report read.
Clorox is yet to specify the type of attack or how the intruders were able to get into its systems. However, other major companies, such as IAG SA’s British Airways, Tempur Sealy, and numerous government departments, have also been recent victims of cyberattacks, emphasizing the critical need for potent digital security measures.