Clorox Takes Down Some IT Systems After 'Unauthorized Activity'

The incident is expected to continue to affect some parts of the business operations, the California-based consumer products company said in a regulatory filing.

Bloomberg News

August 15, 2023

1 Min Read
hand on computer mouse in dark room
Bloomberg

(Bloomberg) -- Clorox Co. has taken some of its information technology systems offline after identifying “unauthorized activity” in its computer networks that has disrupted some business operations. 

The incident is expected to continue to affect some parts of the business operations, the Oakland, California-based consumer products company said Monday in a regulatory filing. 

“While we are working diligently to respond to and address this issue, these systems will remain offline out of an abundance of caution, as we work to add additional protections and hardening measures to further secure them,” a Clorox spokesperson said in an email.

“As a result, some operations are temporarily impaired,” the spokesperson said. “We are following our business continuity plans and implementing workarounds where possible.”

Clorox didn’t provide further details on the type of cyberattack or the specific business operations affected by the incident. Law enforcement is investigating and cybersecurity breach experts have been called in to help track what has happened and recover data, the company said in the filing.

While Clorox hasn’t specified how the intruders were able to get into its systems, a number of large companies have found themselves targets in ransomware attacks, in which criminals request money in return for stolen data and, on some occasions, their silence. IAG SA’s British Airways, PricewaterhouseCoopers LLP, Ernst & Young and numerous government departments were targeted with ransomware by the criminal gang Clop in recent months. 

Related:Cyber Insurance Premiums Surge by 50% as Ransomware Attacks Increase

The US Securities and Exchange Commission last month approved new rules that beginning in September will require companies to disclose most cyberattacks within four days of an incident.

About the Author

Bloomberg News

The latest technology news from Bloomberg.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like