XML 18 R7.htm IDEA: XBRL DOCUMENT v3.23.3
CYBERATTACK
 3 Months Ended
Sep. 30, 2023
Unusual or Infrequent Items, or Both [Abstract]  
CYBERATTACK CYBERATTACK
On Monday, August 14, 2023, the Company disclosed it had identified unauthorized activity on some of its Information Technology (IT) systems. That activity began on Friday, August 11, 2023 and after becoming aware of it that evening, the Company immediately began taking steps to stop and remediate the activity. The Company also took certain systems offline and engaged third-party cybersecurity experts to support its investigation and recovery efforts. The Company implemented its business continuity plans, including manual ordering and processing procedures at a reduced rate of operations in order to continue servicing its customers. However, the incident resulted in wide-scale disruptions to the Company’s business operations throughout the remainder of the quarter.
The impacts of these system disruptions included order processing delays and significant product outages, resulting in a negative impact on net sales and earnings. The Company has since transitioned back to automated order processing and the vast majority of orders are taking place in an automated manner. The Company expects to experience ongoing, but lessening, operational impacts in the second quarter as it makes progress in returning to normalized operations.
The Company also incurred incremental expenses of approximately $24 as a result of the cyberattack for the three months ended September 30, 2023. The following table summarizes the recognition of costs in the condensed consolidated statement of earnings and comprehensive income:

Three months ended
9/30/2023
Costs of products sold
$11 
Selling and administrative expenses
13 
Total
$24 

The costs incurred relate primarily to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the Company’s business operations. The Company expects to incur additional costs related to the
cyberattack in future periods. The Company has not recognized any insurance proceeds in the three months ended September 30, 2023 related to the cyberattack. The timing of recognizing insurance recoveries, if any, may differ from the timing of recognizing the associated expenses.