Clorox Audit Revealed Cybersecurity Flaws at Its Plants in 2020
An internal review in 2019 and 2020 found that production systems weren’t properly protected by firewalls and security appliances, three former employees said. Clorox says the findings weren’t relevant to an August 2023 breach.
Clorox Disinfecting Wipes canisters move along a conveyor belt at the company's manufacturing facility in Forest Park, Georgia, in 2021.
Photographer: Matt Odom/BloombergA few years before a 2023 cyberattack disrupted manufacturing at one of the largest US producers of disinfectants ahead of flu season, an audit warned of systemic cybersecurity flaws within the company’s production systems.
Among the shortcomings highlighted by the internal audit at Clorox Co., conducted in 2019 and 2020, were outdated computers, some of them running older Windows 98 and Windows XP operating systems that left them vulnerable to intrusion, according to three former employees who described the audit’s findings. The auditors urged Clorox to create a kind of digital perimeter around manufacturing plants, about 30 in total, located in the US and overseas, isolating them to reduce the disruption of an attack, according to the former employees and two current employees.