FedEx, the worldwide package delivery giant, said in a regulatory filing on Tuesday that the NotPetya ransomware outbreak in late June has cost it an estimated $300 million dollars and forced the company to miss its fiscal first quarter earnings.
The company said in its quarterly “8K” report to the U.S. Securities and Exchange Commission (SEC) that the impact of NotPetya on TNT Express N.V., a newly acquired subsidiary based in The Netherlands.
“Worldwide operations of TNT Express were significantly affected during the first quarter by the June 27 NotPetya cyber attack,” the company reported. The subsidiary has restored “substantially all” critical operational systems but “volume, revenue and profit still remain below previous levels.”
The statement is the latest on the effects of NotPetya, which spread by way of bogus updates for software by the Ukrainian firm MeDoc. In July, FedEx said in a filing with the Securities and Exchange Commission (SEC) that TNT used the MeDoc financial software. A compromised update for that software was used to initially seed the NotPetya malware, which also spread using the Eternal Blue exploit for a known vulnerability in the Windows operating system.
FedEx acknowledged at the time that the NotPetya infection at its TNT Express subsidiary in June 2017, “significantly affected” the company’s worldwide operations and would likely have a material impact on FedEx’s financial performance, but that the company was “not yet able to determine the full extent of its impact.”
A $300 million Price Tag
The latest filing puts a price tag on the incident: $300 million. However, the full impact of the incident still hasn’t been accounted for. FedEx said it is lowering its fiscal 2018 forecast due to the estimated full-year impacts of the TNT Express cyber attack. Earnings are now projected to be $11.05 to $11.85 per diluted share for fiscal 2018, compared with estimates of $12.45 to $13.25 per diluted share prior to the NotPetya outbreak.
“The impact of the cyber attack on TNT Express and lower-than-expected results at FedEx Ground reduced our first quarter earnings,” said Alan B. Graf, Jr., FedEx Corp. executive vice president and chief financial officer.
Not the only Victim
FedEx is just the latest firm to warn that its finances will be impacted by the Petya outbreak. International snack and candy maker Mondelez of Deerfield, Illinois said on July 6th that the cyber attacks of June 27 will erase 3% from the company’s second quarter growth. “Given the timing of this significant global attack, despite our best efforts, we experienced disruption in our ability to ship and invoice during the last four days of our second quarter,” the company said. The company said it is “still assessing the full financial impact of this event, in addition to performing our normal quarter-end financial close process.”
Also in early July, the Financial Times reported that Reckitt Benckiser, a maker of consumer products like Nurofen and Durex condoms said that it expected losses of £110m ($142m), a second quarter sales drop of 2% compared to a year earlier and a 1 percent hit to its expected annual revenue growth. The company said in a statement that it was “making good progress in getting key applications and systems back on track” but that the full cost of the attack wasn’t yet known. The company has stated publicly that Petya affected its ability to manufacture and distribute product to customers in some 60 countries in which it operates.