Cyber attack’s are a major problem for all modern companies. They are expensive to prevent, recover from both in real dollars and market share.
Kingsford’s parent company, Clorox, had one at the end of the summer which they were still cleaning-up at the beginning of the month. We received notification that Ace Hardware noticed one Sunday morning.
Updated Story 11/3/23
Ace Hardware president and CEO sent out an email to retailers updating them on the situation with the cyber attack. It has left stores without stock, and has made it so you can’t order from Ace Hardware’s website.
Ace is still working on their contingency plan to allow them to process orders in the near future. According to the new email seen by BleepingComputer, Ace has 1,400 servers and 3,500 networked devices.
Of those, 1,202 devices, including 196 servers were hit in the attack. At last update, 51% of the servers were restored and were in the process of being made fully operational.
Original Story From 10/30/23
Ace Hardware Cyber Security Incident
Today Ace Hardware sent out a notification to all Ace locations and customers about a cybersecurity incident.
On Sunday morning, we detected a cybersecurity incident that is impacting the majority of our IT systems. As a result of this incident, many of our key operating systems, including ACENET, our Warehouse Management Systems, the Ace Retailer Mobile Assistant (ARMA), Hot Sheets, Invoices, Ace Rewards and the Care Center’s phone system have been interrupted or suspended. More specifically, the impact of this incident is resulting in disruptions to your shipments. Scheduled deliveries will not be occurring on Monday, October 30, 2023. Additionally, we are requesting that you hold off on placing additional orders on Monday.
Your Ace team, along with the support of a group of technical forensic experts, is working feverishly to resolve this situation. Nothing is more important than restoring all operations as soon as humanly possible. As we are dealing with a fast moving, dynamic situation, details will be changing rapidly. We are committed to a steady flow of communication to keep you abreast of the situation.
While this is a dreadfully unfortunate situation, we will tackle it head on and get through it as a team. Thank you for your support and understanding.
John Venhuizen, President & CEO
That’s a major disruption for their business. Until they can process orders properly, they can’t sell inventory that’s not in stock at a retail location.
That’s problematic from a revenue standpoint for out of stock items, but also it can hurt their market share. If a customer doesn’t want to wait to purchase at Ace, they’ll likely go somewhere else and develop a relationship with that retailer.
The timing is also a problem because we’re heading into the prime holiday selling season. Hopefully Ace can get everything back online soon.
Clorox Cyber Security Incident
Much like Ace, Clorox also had a cyber security incident recently. On August 14th of 2023 they announced that they identified unauthorized activity in their system in what was said to be a ransomware attack.
This caused Clorox to take some of their systems offline, and idle much of their manufacturing across their brands. They had to go to manual order processing to keep their business limping along, but at a much slower rate.
The cybersecurity attack damaged portions of the Company’s IT infrastructure, which caused widescale disruption of Clorox’s operations. The Company is repairing the infrastructure and is reintegrating the systems that were proactively taken offline. The Company expects to begin the process of transitioning back to normal automated order processing the week of Sept. 25. Clorox has already resumed production at the vast majority of its manufacturing sites and expects the ramp up to full production to occur over time. At this time, the Company cannot estimate how long it will take to resume fully normalized operations.
Clorox September 18th, 2023 SEC Filing
Clorox was left repairing their IT infrastructure for about a month and a half, which is a significant amount of time. They reported preliminary financial results on October 4th and estimated that their sales would decrease by 23% – 28% from the same quarter a year ago as a result of the attack.
Factoring in projected growth, the cyber security incident cost them around $500 million on the quarter in revenue. They’ll likely be able to recoup some of that money through insurance, but they didn’t project the amount.
Much like with Ace, there could be ripples in their business beyond the immediate impact. Clorox had just celebrating getting market share back for their Kingsford brand through improved merchandising efforts.
Product outages can cause consumers to try other brands to the detriment of Kingsford’s market share. Clorox is still evaluating the long term effects to their business and the full year financial outlook.