Cyber Incident Victim: Procter & Gamble

Date: Feb 2023

Location: United States of America

Summary

Procter & Gamble experienced a cybersecurity breach involving unauthorized access to employee information through exploitation of a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer solution, attributed to the Cl0p ransomware group. The compromised data did not include sensitive financial or national identification details, and the company confirmed no customer data impact or operational disruption. Following detection, the organization initiated an investigation, discontinued use of the affected service, and notified employees while asserting normal business continuity. Cl0p, a Russia-linked syndicate, publicly claimed responsibility alongside numerous other victims, leveraging the flaw to target multiple entities globally.

Description

In early February 2023, Procter & Gamble (P&G) discovered a cybersecurity incident affecting one of its subsidiary companies. The breach stemmed from exploitation of a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) solution, a third-party service used by the organization. Upon identifying the incident, P&G immediately initiated an investigation, disabled Fortra’s GoAnywhere services across its operations, and notified affected employees. The company confirmed unauthorized actors accessed "some information" related to employees but emphasized the compromised data excluded sensitive details such as Social Security numbers, national identification numbers, credit card information, or bank account data. P&G stated no customer data was impacted and affirmed business operations continued without disruption. The Russia-linked Cl0p ransomware syndicate claimed responsibility for the attack, listing P&G among dozens of victims allegedly compromised through the same GoAnywhere flaw.

Cl0p publicly disclosed its exploitation of the Fortra vulnerability on its dark web leak site, asserting it had breached approximately 130 organizations globally. Other confirmed victims included Shell, Hitachi, Hatch Bank, Stanford University, Rubrik, and Virgin. The gang had resumed operations earlier in February 2023 after a hiatus following the arrest of several affiliates in late 2021. Security analysts noted Cl0p’s transparency about the zero-day exploit might indicate the tool had become obsolete, potentially serving as a diversion to obscure concurrent attacks. P&G, a consumer goods corporation with $80.2 billion in fiscal year 2022 revenue and over 100,000 employees worldwide, did not disclose financial losses or operational delays resulting from the incident. The company maintained there was no evidence of further lateral movement or secondary compromises following containment actions.
