The industrial controls conglomerate said a threat actor stole data and deployed ransomware on its internal IT infrastructure.
The attack, which threat analysts at the time described as severe, led to widespread concerns about potential downstream impacts on Johnson Controls’ customers.
The company, founded in Milwaukee but headquartered in Cork, Ireland, said its investigation and remediation efforts remain ongoing, including analyzing the data accessed, stolen, or otherwise impacted during the attack.
“Based on the information reviewed to date, the company believes the unauthorized activity has been contained and has not observed evidence of any impact to its digital products, services and solutions, including OpenBlue and Metasys,” Johnson Controls said.
The company expects additional losses from its response and remediation efforts throughout fiscal 2024. Yet, it doesn’t expect the overall impact of the attack to be material on net income, as it anticipates a substantial portion of direct costs to be reimbursed through insurance recoveries.
