Clorox cleans up IT security breach that soaked its biz ops
Plus: Medical records for 4M people within reach of Clop gang after IBM MOVEit deployment hit
The Clorox Company has some cleaning up to do as some of its IT systems remain offline and operations "temporarily impaired" following a security breach.
In a filing Monday to the SEC, America's financial watchdog, the cleaning giant disclosed "unauthorized activity" in its networks.
The intrusion continues to disrupt "parts of the company's business operations," and it is "working diligently to respond to and address this issue, and is also coordinating with law enforcement," according to the Form 8-K submission.
The manufacturer has also hired third-party cybersecurity firms to help probe the mess and aid in the IT scrubbing efforts.
Clorox, whose brands include Glad, Tilex, Pine-Sol, Liquid-Plumr, and several other household and personal-care products, declined to answer any of The Register's specific questions about the bleach breach, including whether the intruders made off with any purloined data.
Instead, a spokesperson emailed us a statement that essentially repeats the SEC report in accounting the "recently identified unusual activity."
The statement continued:
Upon detection, we immediately took steps to stop the activity and took certain systems offline. While we are working diligently to respond to and address this issue, these systems will remain offline out of an abundance of caution, as we work to add additional protections and hardening measures to further secure them. As a result, some operations are temporarily impaired. We are following our business continuity plans and implementing workarounds where possible.
While we don't know when the break-in happened, or how long it took for Clorox to spot the hack, we anticipate learning more in the near future.
- You're not seeing double – yet another UK copshop is confessing to a data leak
- Can 'Mad Libs for incident response' prevent the next MOVEit fiasco?
- US government to investigate China's Microsoft email breach
- Medical files of 8M-plus people fall into hands of Clop via MOVEit mega-bug
"The investigation into the nature and scope of the incident remains ongoing and is in its very early stages," the Clorox spokesperson said. "Our team is working diligently to restore systems safely and quickly, and we will ensure all suppliers and customers are updated as appropriate." ®
IBM hit via MOVEit hole, 4m patients' data at risk
In other security breach news: the Colorado Department of Health Care Policy and Financing (HCPF) has notified more than 4 million people, primarily low-income health program patients, that their data may have been stolen by the Clop ransomware gang.
The department, which administers the US state's Medicaid and other health programs, is among the latest to be swept up in the massive MOVEit ransacking — although HCPF didn't use the Progress Software file transfer tool directly. It turns out IBM used MOVEit, IBM is one of the third-party vendors that has a technology contract with Colorado, and Clop broke into IBM's installation of the software to get at HCPF's data.
"No HCPF or State of Colorado systems were affected by this issue," according to a breach notification letter [PDF] from the dept.
Still, that's probably not much comfort to the 4,091,794 Health First Colorado and Child Health Plan Plus (CHP+) members whose information — including names, Social Security numbers, medical information, and health insurance information — may well have been accessed by the ransomware gang.
PS: US House Representative Don Bacon (R-NE) has said the suspected Chinese snoops who broke into Microsoft's email cloud and accessed US government messages, also broke into his personal and political inboxes.
"I thank the FBI for notifying me that the CCP hacked into my personal and campaign emails from May 15 to June 16 of this year," he said.
Biting the hand that feeds IT
