Clorox resumes normal plant operations in the wake of cyberattack

Clorox said all of its manufacturing facilities were back up and running following an August cyberattack that led to weeks of disruption and product shortages, according to a Friday update

The Oakland, California-based maker of Pine-Sol and household bleach, said it resumed automated order processing on Sept. 25 and was ramping up the pace of production to restock product inventories. 

The company had previously disclosed extensive product shortages after the August cyberattack damaged part of its IT systems, which led to widespread disruption of its production capabilities. 

Clorox said Friday it was “focusing on maximizing shipments and restocking trade inventories.”

Clorox products were in high demand during the height of the COVID-19 pandemic and current needs will likely be tested as students return to school across the country and infections start to rise. 

The company thanked customers and suppliers for their patience as the company worked to fully restore normal operations. 

The company has not provided details regarding how the suspected hackers managed to access the Clorox IT network, nor has the company disclosed what, if any, corporate information or customer data was exfiltrated. 

The longer term impacts on Clorox have yet to fully play out, according to analysts. 

“One of the challenges of being hit with a cyberattack as a consumer goods company is that any moment of downtime has ripple effects,” Allie Mellen, principal analyst of security and risk at Forrester, said via email.

There could be some impact on quarterly earnings, Mellen said, and rival firms may have filled some of the void left by product shortages “to get their foot in the door with consumers.”

Clorox in its Sept. 18 filing with the Securities and Exchange Commission said the cyberattack would be material to its fiscal first-quarter financial results due to order processing delays and product shortages. 

In an online FAQ page the company said if any sensitive data was accessed, it would notify individuals as appropriate. 

Clorox brought in third-party cybersecurity experts to help respond to the attack and restore normal operations. The company also said it notified law enforcement immediately after the attack in mid-August. 

The Clorox August hack was one of the biggest to impact a major manufacturing company in the U.S. this year. Just last week, Johnson Controls International, a Cork, Ireland-based company founded in Milwaukee, disclosed a massive cyberattack that it warned would disrupt its business operations.

Earlier this year, Dole, the fresh produce giant, reported a ransomware attack that briefly disrupted the company’s production in the U.S. and other markets.