Statement on Ransomware Attack

On September 2, 2020, Clean Harbors became aware that it was the target of a ransomware incident when we noticed the encryption of data on certain computers in our network. We immediately initiated our cybersecurity response plan, which included isolating devices, shutting off parts of our network, and notifying law enforcement. Third party experts were engaged to assist. We believe this incident is similar to those reported by other large companies recently where the purpose is to access a network, encrypt data and demand ransom.

The investigation is in the preliminary stages but has revealed initial findings of unauthorized access to files on Clean Harbors’ servers, some of this data was posted on sites generally inaccessible from the regular Internet. We are carefully reviewing information as it becomes available through the investigation to better understand the details of what has been accessed. We will take the appropriate steps to notify customers and individuals, if any, whose confidential information was affected once the investigation is complete, consistent with applicable laws or other legal obligations. Enhanced security capabilities and tools have been installed on devices across our network and we are working hard to complete a thorough investigation.

We do not expect this event to have a material financial effect on our business. While some of our systems were temporarily taken offline for the protection of our network, our IT systems were rapidly returned to normal operations. At the same time, the fundamentals of our business were unaffected throughout this event. Waste continued to be picked up at customer sites, transported and received at our plants, and properly disposed of. Services continued to be provided to our customers. We apologize for any inconvenience that this incident has caused our customers, and we appreciate their continued support as we complete our investigation.