It has been a very eventful couple of weeks for cyberattack-related news.
It all kind of started Wednesday of last week when Johnson Controls revealed it had been hit by a cyberattack. The company warned it “experienced disruptions in portions of its internal information technology infrastructure and applications.” And while the financial impact of that attack has not yet been determined, it also cautioned, it “is assessing whether the incident will impact its ability to timely release its fourth quarter and full fiscal year results.”
But why is this specific cybersecurity incident of particular interest? Many of Johnson Controls’ customers are federal agencies, including the Department of Homeland Security. That agency is reportedly investigating if any floor plans and security information were exposed as a result of the attack.
Then on Wednesday of this week, Clorox gave a shocking earnings warning. The culprit was a significant cybersecurity breach from August — “which caused wide-scale disruption of Clorox’s operations, including order processing delays and significant product outages.”
What’s more, while it drastically took down fiscal first-quarter numbers, the company is “in the process of assessing the impact of the cybersecurity attack on fiscal year 2024 and beyond.” Clorox is now expecting a hefty year-over-year sales decline as well as a quarterly loss thanks to the incident.
And Thursday night, MGM Resorts revealed that the cyberattack it experienced in September will cost the company about $100 million. It explained that the incident caused “impacts to occupancy due to the availability of bookings through the company’s website and mobile applications.”
MGM noted that it was mostly contained to the month of September. It does expect that impact beyond the third quarter should be “minimal” and that, overall, it won’t be material to operations and results for the full year. It also reportedly refused to pay ransom.
Unlike its competitor, Caesars paid a $15 million ransom after suffering its own September data breach. It was fortunate, though, that the incident didn’t impact casino or online operations. The company has not yet disclosed a financial impact.
While those companies all shed light on developments in recent days, keep in mind some of the other marquee names we’ve seen throughout this year alone that have experienced significant cybersecurity issues as well. It’s been a problem all year for a variety of companies.
Campbell Soup didn’t suffer the same ugly fate as Clorox after experiencing a cyberattack that affected one of its facilities over the summer. The food maker said the incident had a minimal impact on operations and was immaterial to financials.
Another food maker — Dole — also suffered a cyberattack back in February. It absorbed $10.5 million in costs from the event, which also had a limited impact on operations.
Brunswick had to temporarily halt some operations after a June cybersecurity incident. That event cost the company about $85 million and caused second-quarter numbers to be “lower than initial expectations.” It apparently took more than a week for operations to resume.
Tempur Sealy and Estee Lauder also had to shut down some IT systems after getting hit by separate cyberattacks in July.
Back in March, Sysco disclosed a data breach that happened in January. While customer and employee data were stolen, there was no operational impact.
Likewise, miner Freeport-McMoRan suffered a cyberattack in August, but production impact from that was limited.