Johnson Controls Ransomware Attack Cost Company $27 million

Johnson Controls International has revealed that last September’s ransomware attack cost the company $27 million in expenses.

In its earnings report filed with the U.S. Securities and Exchange Commission (SEC), the smart building product developer confirmed the ransomware attack compromised its internal data.

In its initial statement, Johnson Controls wrote that it had “experienced disruptions in portions of its internal information technology infrastructure and applications,” though it did not disclose the nature of the attack.

Now, in its updated report, the company said the cybersecurity incident consisted of “unauthorized access, data exfiltration and deployment of ransomware by a third party,” impacting a large portion of the company's internal IT infrastructure.

Also revealed in the filing was that the expenses associated with responding and remediating the cyberattack amounted to $27 million.

"The impact on net income for the three months ended December 31, 2023, of lost and deferred revenues, net of revenues deferred at the end of fiscal 2023 and recognized in the first quarter of fiscal 2024, and expenses during the quarter was approximately $27 million,” the report said.

While the full financial ripple effect of the attack is still developing, Johnson Controls said it has largely restored the impacted applications and systems

Related:Vans Parent Company Cyberattack Impacts 35M