The ODP Corporation, parent company of Office Depot and CompuCom, on Friday provided an update regarding a malware incident affecting CompuCom on March 1.
The company expects that the breach will cost it $20 million in expenses, $10 million of which will be accrued during the first quarter of this year. It also anticipates a loss of revenue between $5 million and $8 million because it had to halt services to customers affected by the breach, according to a press release.
The executive team won't talk about the data breach or give more details on its financial performance until its first-quarter earnings call, which will likely take place on May 5, per the company statement.
The ODP Corporation breach comes as the company seeks to sell off assets and attract small business clients.
Last August, subsidiaries Office Depot and CompuCom began offering IT hardware and services for small and mid-sized businesses, but since then the company has confirmed it's looking to sell off CompuCom. At the start of the year, ODP reiterated its intentions to sell the business at the same time that it rejected a $2.1 billion offer by Sycamore-owned Staples to acquire the company. (Executives did, however, highlight two possible ways to partner with Staples, including a joint venture and an acquisition of only Office Depot's retail and consumer-facing e-commerce operations.)
Not all of CompuCom's customers were affected by the breach, but delivery capabilities, which were impacted, were largely restored as of March 17, the company said.
CompuCom initially disclosed the malware incident on March 3, stating that it was looking into the incident. "As soon as we became aware of the situation, we immediately took steps to contain it, and engaged leading cybersecurity experts to begin an investigation," the company stated in a press release at the time. "We are also communicating with customers to provide updates about the situation and the actions we are taking."
ODP Corporation noted that it has insurance, including cyber liability insurance, to protect a business of its size. It expects the insurance to cover some of the cost associated with the breach, per the press release. In addition to its insurance, the company has enhanced security measures and anti-malware protections while restoring its services to customers.
Correction: This story has been updated to make clear the data breach affected only CompuCom customers.