Cyber Security Incident
(May 17, 2021) Ardagh Group S.A. (the “Group”) (NYSE: ARD) announces that it recently experienced a cyber security incident, in response to which the Group promptly initiated defence and containment procedures, including pro-actively shutting down certain IT systems and applications.
The Group’s IT team, supported by external cyber security and other specialists, has been working to remediate this issue, while continuing to safely operate our facilities. We are progressively bringing key systems back online securely, in a phased manner. This is proceeding according to plan and is expected to be substantially achieved by the end of this month.
We have engaged leading industry specialists to conduct a forensic investigation of this incident, and we will take appropriate actions in response to the findings. We have introduced new protection tools across our network to ensure an immediately enhanced level of security. Our technology roadmap is being reviewed and planned IT investments are being accelerated to further improve the effectiveness of our information security capabilities.
Production at all of the Group’s metal beverage packaging and glass packaging facilities has continued to operate throughout this period. While products have continued to be shipped to customers, we have experienced some delays as a result of this incident. Certain other processes, including some supply chain operations, have been affected, and alternative solutions, including manual workarounds, have been implemented, to enable us to continue to respond to our customers’ needs. We acknowledge the continued dedication and commitment of our employees during this period.
Delivery of the Group’s business growth investment projects has not been impacted by this incident and remains on track.
While every effort is being made to minimise the impact on our operations, and our customers and suppliers, this incident has resulted in some delay and disruption in parts of our business. This is likely to give rise to some deferral or loss of revenue, as well as to incremental costs. The Group maintains appropriate insurance in respect of a wide range of risks.
We continue to assess the overall operational and financial impact of this incident. Current indications are that it will not affect our full year 2021 guidance for the Group. We do not expect the incident to have any effect on the financial results or position of Ardagh Metal Packaging, which will receive an indemnity on customary terms from Ardagh Group S.A..
We will provide further updates as appropriate.
About Ardagh Group
Ardagh is a global supplier of infinitely-recyclable metal and glass packaging for the world’s leading brands. Ardagh operates 57 metal and glass production facilities in 12 countries, employing more than 16,000 people with sales of approximately $7 billion.
This press release includes “forward-looking statements” within the meaning of Section 27A of the U.S. Securities Act and Section 21E of the U.S. Securities Exchange Act of 1934, as amended, including statements regarding our understanding of the cyber security incident, our efforts to bring our affected
systems back online and our assessment of the potential consequences of the incident to the Group. Forward-looking statements are subject to known and unknown risks and uncertainties, many of which may be beyond our control. We caution you that the forward-looking information presented in this press release is not a guarantee of future events, and that actual events may differ materially from those made in or suggested by the forward-looking information contained in this press release. Factors that could cause or contribute to such differences include, but are not limited to, (a) the discovery of new or different information regarding the cyber security incident, (b) the possibility that our mitigation and remediation efforts may not be successful, (c) numerous financial, legal, reputational and other risks to the Group related to the cyber security incident, including risks that it may result in the loss, compromise or corruption of data, loss or deferral of business, severe reputational damage adversely affecting customer or vendor relationships and investor confidence, regulatory investigations and enforcement actions, litigation, indemnity obligations, damages for contractual breach, penalties for violation of applicable laws or regulations, incurrence of significant incremental costs for remediation and the incurrence of other liabilities, (d) risks that our insurance coverage may not be available or sufficient to compensate for all liabilities we incur related to the incident and (g) such other risks and uncertainties described more fully in documents filed with or furnished to the U.S. Securities and Exchange Commission. Any forward-looking information presented herein is made only as of the date of this press release, and we do not undertake any obligation to update or revise any forward-looking information to reflect changes in assumptions, the occurrence of unanticipated events, or otherwise.
Pat Walsh, Murray Consultants
Tel.: +1 646 776 5918 / +353 87 2269345