UNITED STATES SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM 8-K
CURRENT REPORT
Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934
| | | | | | | | |
Date of Report (Date of Earliest Event Reported): | | November 13, 2023 |
JOHNSON CONTROLS INTERNATIONAL PLC
(Exact name of registrant as specified in its charter)
| | | | | | | | | | | | | | |
Ireland | | 001-13836 | | 98-0390500 |
(State or Other Jurisdiction of incorporation) | | (Commission File Number) | | (I.R.S. Employer Identification Number) |
One Albert Quay. Cork, Ireland, T12 X8N6
(Address of principal executive offices and postal code)
| | | | | | | | |
(353) | 21-423-5000 | Not Applicable |
(Registrant’s telephone number) | (Former name, former address and former fiscal year, if changed since last report) |
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
☐ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)
☐ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)
☐ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)
☐ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))
Securities registered pursuant to Section 12(b) of the Act: | | | | | | | | |
Title of Each Class | Trading Symbol | Name of Each Exchange on Which Registered |
Ordinary Shares, Par Value $0.01 | JCI | New York Stock Exchange |
3.625% Senior Notes due 2024 | JCI24A | New York Stock Exchange |
1.375% Notes due 2025 | JCI25A | New York Stock Exchange |
3.900% Notes due 2026 | JCI26A | New York Stock Exchange |
0.375% Senior Notes due 2027 | JCI27 | New York Stock Exchange |
3.000% Senior Notes due 2028 | JCI28 | New York Stock Exchange |
1.750% Senior Notes due 2030 | JCI30 | New York Stock Exchange |
2.000% Sustainability-Linked Senior Notes due 2031 | JCI31 | New York Stock Exchange |
1.000% Senior Notes due 2032 | JCI32 | New York Stock Exchange |
4.900% Senior Notes due 2032 | JCI32A | New York Stock Exchange |
4.250% Senior Notes due 2035 | JCI35 | New York Stock Exchange |
6.000% Notes due 2036 | JCI36A | New York Stock Exchange |
5.70% Senior Notes due 2041 | JCI41B | New York Stock Exchange |
5.250% Senior Notes due 2041 | JCI41C | New York Stock Exchange |
4.625% Senior Notes due 2044 | JCI44A | New York Stock Exchange |
5.125% Notes due 2045 | JCI45B | New York Stock Exchange |
6.950% Debentures due December 1, 2045 | JCI45A | New York Stock Exchange |
4.500% Senior Notes due 2047 | JCI47 | New York Stock Exchange |
4.950% Senior Notes due 2064 | JCI64A | New York Stock Exchange |
| | | | | | | | |
Indicate by check mark whether the registrant is an emerging growth company as defined in as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter). | |
| | |
| Emerging growth company | ☐ |
| | |
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. | ☐ |
Item 8.01 Other Events.
Johnson Controls International plc (the “Company”) previously announced that it had experienced disruptions in portions of its internal information technology (IT) infrastructure and applications resulting from a cybersecurity incident. The incident was initially detected by the Company during the weekend of September 23, 2023 following outages to certain of the Company’s systems. Promptly after detecting the issue, the Company implemented its incident management and response plan and business continuity plans, including implementing remediation measures to mitigate the impact of the incident and restore affected systems and functions. The Company also engaged leading cybersecurity experts and other specialized consultants to assist in its investigation and remediation of the incident, as well as the restoration of impacted applications and systems.
The cybersecurity incident consisted of unauthorized access and deployment of ransomware by a third party to a portion of the Company’s internal IT infrastructure. The incident caused disruptions and limitation of access to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions. To date, the Company has largely restored the impacted applications and systems, and continues to execute business continuity and restoration plans for the remaining impacted applications and systems. Based on the information reviewed to date, the Company believes the unauthorized activity has been contained. The Company’s investigation and remediation efforts remain ongoing, including the analysis of data accessed, exfiltrated or otherwise impacted during the cybersecurity incident. Based on the information reviewed to date, the Company has not observed evidence of any impact to its digital products, services and solutions, including OpenBlue and Metasys.
The cybersecurity incident caused disruptions to portions of the Company’s systems that support or provide data used in financial reporting. Even though the functionality of these systems has largely been restored and the associated data has been reconciled and verified, the Company expects that, due to the timing and impact of the incident relative to the Company’s September 30, 2023 fiscal year-end, the Company will be delayed in reporting its fiscal 2023 fourth quarter and year-end results. The Company currently expects that it will report fiscal fourth quarter and year-end results by December 14, 2023 and within the Rule 12b-25 period available to the Company for its Annual Report on Form 10-K for fiscal year 2023. The Company will provide an update via press release on the specific timing of its fiscal fourth quarter and year-end results when it has greater certainty on the timing of the completion of its financial close and reporting process.
The Company continues to evaluate the business, financial and related impacts of the cybersecurity incident on its fiscal 2023 fourth quarter and year end results.
Johnson Controls International plc Cautionary Statement Regarding Forward-Looking Statements
The Company has made statements in this communication that are forward-looking and therefore are subject to risks and uncertainties. All statements in this document other than statements of historical fact are, or could be, "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Words such as "may," "will," "expect," "intend," "estimate," "anticipate," "believe," "should," "forecast," "project" or "plan" and terms of similar meaning are also generally intended to identify forward-looking statements. However, the absence of these words does not mean that a statement is not forward-looking. The Company cautions that these statements are subject to numerous important risks, uncertainties, assumptions and other factors, some of which are beyond its control, that could cause its actual results to differ materially from those expressed or implied by such forward-looking statements, including, among others: additional information regarding the extent of the cybersecurity incident that the Company may uncover during its ongoing investigation; the Company’s ability to assess and remedy the incident; the Company’s ability to service its customers during and following the incident; the compromise or improper use of sensitive, proprietary, confidential financial, or personal data or information resulting in negative consequences such as fines, penalties, or loss of reputation, competitiveness or customers; incremental expenses associated with the Company’s on-going assessment and remediation of the incident; the nature and scope of any claims, litigation or regulatory proceedings that may be brought against the Company or
other affected parties as a result of the incident; the availability of insurance coverage; other legal, reputational and financial risks resulting from this or other cybersecurity incidents and the potential impact of this incident on the Company’s revenues, operating expenses, and operating results; the length and scope of disruptions to the Company’s business operations caused by the incident; and the other factors set forth in in the Company’s Annual Report on Form 10-K for the 2022 fiscal year filed with the SEC on November 15, 2022, which is available at www.sec.gov and www.johnsoncontrols.com under the "Investors" tab. Shareholders, potential investors and others should consider these factors in evaluating the forward-looking statements and should not place undue reliance on such statements. The forward-looking statements included in this communication are made only as of the date of this document, unless otherwise specified, and, except as required by law, Johnson Controls assumes no obligation, and disclaims any obligation, to update such statements to reflect events or circumstances occurring after the date of this communication.
SIGNATURE
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
JOHNSON CONTROLS INTERNATIONAL PLC
| | | | | | | | | | | | | | |
Date: November 13, 2023 | | By: | /s/ Richard J. Dancy |
| | | Name: | Richard J. Dancy |
| | | Title: | Vice President and Corporate Secretary |