XML 19 R8.htm IDEA: XBRL DOCUMENT v3.24.1.u1
CYBERATTACK
 9 Months Ended
Mar. 31, 2024
Unusual or Infrequent Items, or Both [Abstract]  
CYBERATTACK CYBERATTACK
On Monday, August 14, 2023, the Company disclosed it had identified unauthorized activity on some of its Information Technology (IT) systems. That activity began on Friday, August 11, 2023 and after becoming aware of it that evening, the Company immediately began taking steps to stop and remediate the activity. The Company also took certain systems offline and engaged third-party cybersecurity experts to support its investigation and recovery efforts. The Company implemented its business continuity plans, including manual ordering and processing procedures at a reduced rate of operations in order to continue servicing its customers. However, the incident resulted in wide-scale disruptions to the Company’s business operations throughout the remainder of the quarter ended September 30, 2023.
The impacts of these system disruptions included order processing delays and significant product outages, resulting in a negative impact on net sales and earnings. The Company has since transitioned back to automated order processing. The Company experienced lessening operational impacts in the second quarter and has since returned to substantially normalized operations.
The Company also incurred incremental expenses of approximately $8 and $57 as a result of the cyberattack for the three and nine months ended March 31, 2024, respectively. The following table summarizes the recognition of costs in the condensed consolidated statements of earnings and comprehensive income:

Three months endedNine months ended
3/31/20243/31/2024
Costs of products sold
$$21 
Selling and administrative expenses36 
Total$$57 
The costs incurred relate primarily to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the Company’s business operations. The Company expects to incur lessening costs related to the cyberattack in future periods. The Company has not recognized any insurance proceeds in the three and nine months ended March 31, 2024 related to the cyberattack. The timing of recognizing insurance recoveries, if any, may differ from the timing of recognizing the associated expenses.