In a shocking turn of events, Johnson Controls has experienced a data breach. The news of the cyber attack was recently disclosed in an official filing with the Security and Exchange Commission (SEC). The breach has caused significant disruptions to the company’s IT infrastructure, affecting a portion of their system.
Reports indicate that the data breach was first detected in Asia and specifically targeted the company’s devices, such as the VMware ESXi servers. The extent of the breach has reached a point where a ransom demand has been made, although the identity of the threat actor responsible has not been disclosed.
The ransom amount requested by the attacker is estimated to be around $51 million. In addition, the threat actor has claimed to have deleted a substantial amount of stolen data, totaling 27 terabytes. The breach itself was executed through a ransomware attack, whereby the hacker group encrypted the company’s data and disrupted operations across various subsidiaries including York, Tyco, and Luxaire.
The impact of the cyber attack is still reverberating throughout the company. Several subsidiaries, including York, Simplex, and Ruskin, have experienced technical issues, as evidenced by outage messages on their respective websites and customer portals. This incident has not only exposed vulnerabilities in Johnson Control’s IT infrastructure but has also raised concerns about the company’s preparedness for future cyber threats.
Interestingly, this data breach is not the first incident of its kind for Johnson Controls. In both 2017 and 2019, the company faced similar attacks. In 2017, the attack was limited to the company’s surveillance cameras in Washington, D.C., which were allegedly affected by a ransomware attack. Then, in 2019, the company released a product security advisory due to a ransomware attack targeting a vulnerability in the Microsoft SMB protocol, potentially impacting certain Metasys installations.
In response to these incidents, the company published a white paper focusing on mitigating the risk of ransomware in smart buildings and emphasized the importance of proactive cybersecurity measures. However, the recent cyber attack has left some aspects of Johnson Control’s IT infrastructure vulnerable, with potential implications for its financial performance.
With a market cap of $37.11 billion, the company’s P/E ratio of 18.19 reflects a trading price relative to its near-term earnings growth. However, the disruption caused by the cyber attack introduces an element of uncertainty into the company’s financial outlook. Stakeholders and industry experts will closely monitor how Johnson Controls navigates through this crisis.
The upcoming earnings report, scheduled for November 9, 2023, will provide valuable insights into the financial impact of the incident and the company’s resilience in the face of evolving cyber threats.
Please note that this report is based on internal and external research obtained through various sources, and its accuracy should be assessed accordingly. The Cyber Express assumes no liability for the consequences of using this information.