If you’ve noticed an empty store shelf where Clorox bleach, Glad trash bags or Burt’s Bees skin products should be, you’re not alone.
Clorox, the consumer products giant that makes those and many other items, is still picking up the pieces after a devastating cyberattack two months ago. The company said in late September that for weeks, it had been unable to automatically process orders for its vendors, including large retail stores like Walmart and Target.
That slowed down sales and caused outages and shortages.
Allan Liska, a cybersecurity researcher at Recorded Future, speculated about the damage caused to Clorox’s manufacturing operation after the cyberattack: ‘When [Clorox] couldn’t take in the orders, even though the lines themselves could run, [Clorox] couldn’t tell them what to produce or where to send it.’
Liska isn’t working on the Clorox case, but said he is familiar with it.
Last week, Clorox started to explain how the ransomware attack has hurt its business. The company said Wednesday it will likely lose money in the first quarter of its fiscal 2024, which ended Sept. 30, as a result of the breach and the necessary repairs to its systems.
Clorox had $1.74 billion in revenue in the first quarter of last year, and in early August, shortly before it disclosed the cyberattack, the company said it expected sales to grow in the mid single digits in the first quarter.
If sales had grown 5%, that would have resulted in $1.83 billion in revenue based on last year’s totals. Instead, the company said last week that sales will fall 23% to 28% from a year ago.
That would come out to between $1.25 billion and $1.34 billion in revenue instead. That might translate to a revenue drop of $500 million or more compared to what Clorox anticipated before it discovered the breach.
Bloomberg reported last week that officials believe Clorox was hacked by the same group that went after casino operators MGM and Caesars Entertainment in September.
MGM, Caesars and Clorox all had to tell the public about those hacks because of new rules that securities regulators adopted in July. Essentially, companies have to disclose any major data breach within four days. And some of the largest hacks of the recent past, like those that affected JBS USA Holdings and Colonial Pipeline, affected companies that don’t have to follow similar rules.
But even if Clorox did not have to announce a major data breach, consumers would notice when Tilex, Hidden Valley Ranch dressing, Kingsford charcoal or Scoop Away cat litter were in short supply. They just might not know the reason for it.
Clorox, for its part, says that it’s still dealing with the effects of the breach and continuing to get its business back on track.
‘All our manufacturing sites are operational, and we are ramping up production and working to restock trade inventories,’ Clorox told NBC News in an emailed statement.
The company says it will benefit as retailers start to restock, but even that won’t happen until its fiscal second quarter, in early 2024.
Until that’s complete, shoppers are likely to have to deal with continued shortages of some of Clorox’s products.