Mondelez Still Suffering From Cyber Attack


While the impact of a June malware attack on Mondelez International Inc. was severe, the 2.3 percentage point impact on sales was smaller than the 3 points projected by the company earlier in July. The cost from the attack was estimated at just over $150 million in lost sales and incremental expenses, but Mondelez said recovery work will continue into the second half of the year.

In its second-quarter earnings announcement, Mondelez offered additional detail about the attack and associated financial costs.

“On June 27, 2017, a global malware incident impacted the company’s business,” Mondelez said. “The malware affected a significant portion of the company’s global Windows-based applications and its sales, distribution and financial networks across the company. During the last four days of the second quarter and early third quarter, the company executed business continuity and contingency plans to contain the impact and minimize the damages from the malware and restore its systems. This allowed the company to service customer needs and continue sales and production at a reduced capacity while progressing recovery activities. Based on the nature of the malware and its impact to the company’s technology, the company did not expect nor to date has it found any instances of company or personal data released externally.

“Although the company believes it has now largely contained the disruption and restored a majority of its affected systems, the company anticipates additional work during the second half of 2017 as the company continues to recover and further enhance the security of its systems. For the second quarter, the company estimates that the malware incident had a negative impact of 2.3% on its net revenue growth and 2.4% on its organic revenue growth. The company also incurred incremental expenses of $7.1 million as a result of the incident.”

In an Aug. 2 conference call with investment analysts, Irene Rosenfeld, chairman and chief executive officer, said Mondelez was not yet “back to normal.”

Considerable background during the call was offered by Brian T. Gladden, chief financial officer:

“In terms of our results, the malware incident had a negative impact of approximately 240 basis points to organic net revenue or about $140 million. We expect to recover a majority of the delayed second-quarter shipments in our third quarter, and we’ve made good progress in shipping these orders during the month of July.

“We did, however, permanently lose some revenue due to shorter supply chains, missed promotions and lost consumption in some markets. That said, we do not believe the incident has had any long-term impact to our customer relationships or market share. We’re pleased with our execution during this crisis and believe that our business continuity plans were effective in minimizing the impact to our customers and to our ongoing financial results. As you can imagine, we’re conducting a comprehensive review of the incident to determine any potential opportunities to further improve the security of our global systems environment. Currently, we do not expect the required investments to be material to our results.

“This event has underscored the resiliency of our team and their ability to pull together in the face of adversity. I’d like to thank our teams for their tireless efforts to put us back on track and ensure that we’re focused most importantly on our customers and consumers.”

The impact of the attack was most severe in the Mondelez North America region, largely because of lost consumption associated with the timing just before July 4, Mr. Gladden said.