As Federal Express continues to recover from the devastating NotPetya malware outbreak, the cost of the attack on the company continues to grow, topping $400 million in just the last six months.
FedEx said it is still recovering from the destructive wiper malware attack and reported a $100 million hit to its financial results in the second quarter of its 2018 fiscal year and an estimated $400 million hit in the first two quarters of its fiscal year – or $1.10 per share. Those costs were driven by loss of revenue due to decreased shipments in the TNT Express network and incremental costs to restore information technology systems at TNT, the company reported in a regulatory filing with the U.S. Securities and Exchange Commission.
Overall, FedEx’s prospects are improving as the NotPetya outbreak fades into the rear view mirror. Revenue for the company’s first half were up 7% and revenues jumped 9% in the second quarter alone. FedEx said that was due to “improved performance at all of our transportation segments.” At TNT Express “substantially all” services have been fully restored, critical business data has been recovered and shipping services and solutions are back in place,” FedEx said.
However, the NotPetya outbreak continued to act as a drag on the company’s performance. Not all customers are shipping at pre-attack volume levels. And, long-term, FedEx estimates that the outbreak will increase the cost of integrating the TNT subsidiary by an estimated $600 million, from $800 million overall to $1.4 billion – a 75% premium over FedEx’s initial estimates. The increased costs will come from FedEx’s decision to “accelerate the integration process and to increase investments to move TNT Express information technology, operations and commercial infrastructure to FedEx infrastructure due to the recent cyber attack at TNT Express.”
NotPetya first appeared in late June and spread by way of bogus updates for software by the Ukrainian firm MeDoc. TNT Express, a MeDoc customer, was hit hard. In July, FedEx said in a filing with the Securities and Exchange Commission (SEC) that TNT was “significantly affected” and that NotPetya would likely have a material impact on FedEx’s financial performance. In September, FedEx acknowledged that the infection cost it $300 million in the first quarter of its 2018 fiscal year and lowered its fiscal 2018 forecast by more than $1.00 per share from what it predicted prior to the NotPetya outbreak. The latest filing shows that NotPetya costs carried into the ficsal second quarter, knocking $100 million (or $.31 per share) off of FedEx’s earnings.
The filings show a variety of other impacts of the attack, as well, including a decline in FedEx’s operating margin in the second quarter and also drove a decline in operating income and margin in the first half of 2018, most related to lower volume business and the costs of remediation and recovery from the attack.
FedEx is one of a number of high profile companies affected by NotPetya. In October, the pharmaceutical giant Merck disclosed that the virus had shut down production of the pediatric vaccine GARDASIL last June, forcing the company to borrow the drug from a stockpile maintained by the U.S. Centers for Disease Control and Prevention to meet demand.
