This is not how you want to start your day or spend your lunch money, click Read More below.
Cybersecurity Incident
During the weekend of September 23, 2023, the Company experienced a cybersecurity incident impacting its internal information technology ("IT") infrastructure and applications. The incident was detected shortly after receiving reports of outages to certain of the Company’s systems. Promptly after detecting the issue, the Company implemented its incident management and response plan and business continuity plans, including implementing remediation measures to mitigate the impact of the incident and restore affected systems and functions. The Company also engaged leading cybersecurity experts and other specialized consultants to assist in its investigation and remediation of the incident, as well as the restoration of impacted applications and systems. The Company’s investigation and remediation efforts remain ongoing, including the analysis of data accessed, exfiltrated or otherwise impacted during the cybersecurity incident. Based on the information reviewed to date, the Company believes the unauthorized activity has been contained and has not observed evidence of any impact to its digital products, services and solutions, including OpenBlue and Metasys.
The cybersecurity incident consisted of unauthorized access, data exfiltration and deployment of ransomware by a third party to a portion of the Company’s internal IT infrastructure. The incident caused disruptions and limitation of access to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, which disruptions and limitations continued into the early portion of the first quarter of fiscal 2024. To date, the Company has restored the impacted applications and systems.
The impact on net income for the three months ended December 31, 2023 of lost and deferred revenues, net of revenues deferred at the end of fiscal 2023 and recognized in the first quarter of fiscal 2024, and expenses during the quarter was approximately $27 million. These impacts were primarily attributable to expenses associated with the response to, and remediation of, the incident, and are net of insurance recoveries.
The Company expects to incur additional expenses associated with the response to, and remediation of, the incident throughout fiscal 2024, most of which the Company expects to incur in the first half of the year. These expenses include third-party expenditures, including IT recovery and forensic experts and others performing professional services to investigate and remediate the incident, as well as incremental operating expenses incurred from the resulting disruption to the Company’s business operations. Further, the cybersecurity incident caused disruptions to certain of the Company’s billing systems, which negatively impacted cash provided from operations during the first quarter of fiscal 2024. The overall impact of the cybersecurity incident in fiscal 2024 is not expected to be material to net income, net of insurance recoveries, or cash flows from continuing operations; however, the timing of recognizing the insurance recoveries may differ from the timing of recognizing the associated expenses.
Â
The Company maintains insurance covering certain losses associated with cybersecurity incidents. The Company currently expects that a substantial portion of its direct costs incurred related to containing, investigating and remediating the incident, as well as business interruption losses, will be reimbursed through insurance recoveries.
Â