Clorox CISO flushes self after multimillion-dollar cyberattack

Plus: Ransomware crooks file SEC complaint against victim


The Clorox Company's chief security officer has left her job in the wake of a corporate network breach that cost the manufacturer hundreds of millions of dollars.

Amy Bogac held the title of chief information security officer (CISO) and VP of enterprise security and infrastructure at Clorox since June 2021, per her LinkedIn profile.

It's understood she is leaving the biz as it recovers from its security breach. It is entirely possible she left out of frustration or was made a scapegoat by management. Bogac is a seasoned veteran in the IT world, having handled infosec and infrastructure at various big names including Walgreens and the Kellogg Company.

While her LinkedIn profile doesn't indicate any job changes, Friday was Bogac's last day at the multinational cleaning product conglomerate, according to Bloomberg News, which reviewed an internal memo and cited two people familiar with the matter.

Bogac did not respond to The Register's inquiries, and a Clorox spokesperson declined to say if Bogac remains on staff.

"Out of respect to our current and former teammates, we do not comment on personnel matters," the spokesperson replied.

Chau Banks, the chief information and data officer of the $7 billion biz, who reportedly penned the memo, will fill Bogac's role as Clorox continues mopping up the mess and searches for and hires a replacement.

"She was a champion of cyber security best practices externally and across the company through her ongoing participation in our Lunch With a Leader series to influence and educate others on cyber security awareness and relevant topics," the memo read. "During her time at Clorox, she also developed a strong Security & Infrastructure team."

Clorox first disclosed its computer network had been compromised in a US Securities and Exchange Commission filing in August. At the time, it said some of its IT systems and operations had been "temporarily impaired" due to "unauthorized activity" in its IT environment.

A subsequent SEC filing in September noted "wide scale disruption" across the business because of the intrusion.

Those disruptions included processing orders by hand after some systems were taken offline. "The company is operating at a lower rate of order processing and has recently begun to experience an elevated level of consumer product availability issues," Clorox said at the time.

In its first-quarter fiscal 2024 earnings report at the start of this month, Clorox reported a 20 percent drop in year-on-year Q1 net sales and noted the $356 million decrease was "driven largely" by the cyberattack.

In a subsequent SEC filing, Clorox noted that expenses related to the network break-in for the three months ending September 30 totaled $24 million.

"The costs incurred relate primarily to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the company's business operations," according to the Form 10-Q filing.

Clorox also revealed it expects to incur more expenses related to the security super-snafu in future periods. ®
