XML 22 R7.htm IDEA: XBRL DOCUMENT v3.24.0.1
CYBERATTACK
 6 Months Ended
Dec. 31, 2023
Unusual or Infrequent Items, or Both [Abstract]  
CYBERATTACK CYBERATTACK
On Monday, August 14, 2023, the Company disclosed it had identified unauthorized activity on some of its Information Technology (IT) systems. That activity began on Friday, August 11, 2023 and after becoming aware of it that evening, the Company immediately began taking steps to stop and remediate the activity. The Company also took certain systems offline and engaged third-party cybersecurity experts to support its investigation and recovery efforts. The Company implemented its business continuity plans, including manual ordering and processing procedures at a reduced rate of operations in order to continue servicing its customers. However, the incident resulted in wide-scale disruptions to the Company’s business operations throughout the remainder of the quarter ended September 30, 2023.
The impacts of these system disruptions included order processing delays and significant product outages, resulting in a negative impact on net sales and earnings. The Company has since transitioned back to automated order processing. The Company experienced lessening operational impacts in the second quarter as it made progress in returning to normalized operations.
The Company also incurred incremental expenses of approximately $25 and $49 as a result of the cyberattack for the three and six months ended December 31, 2023, respectively. The following table summarizes the recognition of costs in the condensed consolidated statements of earnings and comprehensive income:

Three months endedSix months ended
12/31/202312/31/2023
Costs of products sold
$$20 
Selling and administrative expenses16 29 
Total$25 $49 
The costs incurred relate primarily to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the Company’s business operations. The Company expects to incur lessening costs related to the cyberattack in future periods. The Company has not recognized any insurance proceeds in the three and six months ended December 31, 2023 related to the cyberattack. The timing of recognizing insurance recoveries, if any, may differ from the timing of recognizing the associated expenses.