Clorox Expects Q1 Loss Following Attack by Caesars, MGM Hackers

Posted on: October 5, 2023, 10:57h. 

Last updated on: October 7, 2023, 12:44h.

Todd Shriber @etfgodfather Read More
Expertise: Financial, Gaming Business, Mergers and Acquisitions.

Shares of consumer staples giant Clorox (NYSE: CLX) are lower by nearly 9% in midday trading Thursday. That’s after the company warned investors it expects to report a fiscal first-quarter loss following a recent cyber attack.

Clorox
Clorox forecast dismal first-quarter results. The company was hit by the same hackers who targeted Caesars and MGM. (Image: Wall Street Journal)

While the company behind the Brita, Burt’s Bees, Liquid-Plumr, and Pine-Sol brands, among others, didn’t mention “Scattered Spider” by name, it’s believed that group is behind a recent data breach that adversely affected Clorox. Scattered Spider, which is also referred to as UNC 3944, among other names, extracted a payment believed to be in the range of $15 million to $30 million from Caesars Entertainment (NASDAQ: CZR) and wreaked havoc on MGM Resorts International’s (NYSE: MGM) casino hotels across the country.

Based on its current assessment of the situation, the company expects to experience ongoing, but lessening, operational impacts in the second quarter as it makes progress in returning to normalized operations,” said Clorox regarding the breach. “The company also expects to begin to benefit from the restocking of retailer inventories as it ramps up fulfillment in the second quarter.”

The maker of Fresh Step, Glad, and Hidden Valley products said it expects a fiscal first-quarter net earnings per share loss of 35 cents to 75 cents, adding net sales for the period could decline 23% to 28%.

Clorox Faced ‘Widescale Disruption’

Ransomware attacks are increasingly common because, as highlighted by the attack on Caesars and many companies, victims are compelled to pay the threat actors or risk significant financial damage. That appears to be what the attack on Clorox resulted in.

Cybersecurity experts and providers have warned about the increasing frequency of ransomware attacks. Last month, identity management company Okta cautioned that five of its clients, including Caesars and MGM, recently suffered such attacks. It’s not clear if Okta is a vendor to Clorox.

The consumer goods producer endured what it characterized as “widescale disruption” at the hands of the hackers.

“The company is operating at a lower rate of order processing and has recently begun to experience an elevated level of consumer product availability issues,” said Clorox in a September 18 filing with the Securities and Exchange Commission (SEC). “The cybersecurity attack damaged portions of the Company’s IT infrastructure, which caused widescale disruption of Clorox’s operations.”

Still Waiting on MGM Update

Recently enacted rules by the SEC mandate that publicly traded companies must tell investors material information pertaining to cybersecurity risk management, strategy, and governance.

Clorox obliged, as an October 4 Form 8-K filing with the commission was the company’s third since August 14 regarding the cyber breach. Likewise, via a regulatory filing, Caesars told investors that one of its insurance carriers picked up the tab for a ransomware payment.

That leaves MGM as something of an outlier because while Scattered Spider’s attack on the Cosmopolitan operator lasted 10 days, the company hasn’t made a filing with the SEC since September 13. When it comes to cyber incidents, the commission expects faster updates.

“An Item 1.05 Form 8-K will generally be due four business days after a registrant determines that a cybersecurity incident is material,” according to the agency. “The disclosure may be delayed if the United States Attorney General determines that immediate disclosure would pose a substantial risk to national security or public safety and notifies the Commission of such determination in writing.”