Clorox Sues Cognizant Over Costly Cybersecurity Oversight
Clorox has filed a lawsuit against IT provider Cognizant, alleging negligence in a 2023 cyberattack. Hackers reportedly exploited weak security protocols, costing Clorox $380 million in damages. The attack occurred when hackers easily acquired passwords by asking Cognizant's support staff. Additional allegations include mishandling of data recovery and account deactivation.
In a dramatic legal escalation, household chemical giant Clorox has initiated a lawsuit against its information technology provider, Cognizant. The dispute centers around a severe cyberattack in 2023, with allegations that hackers extracted sensitive passwords merely by requesting them from support staff. The incident led to significant financial losses for the company.
The breach was orchestrated by the cyber group Scattered Spider, notorious for its ability to deceive IT help desks. Clorox claims that Cognizant failed to employ sufficient security verification, allowing hackers to infiltrate and manipulate the system with ease. Legal documents reveal conversations where hackers received password resets without adequate identity verification.
Clorox's lawsuit, highlighting damages of $380 million, also points to Cognizant's alleged mishandling of recovery processes, such as account deactivation and data restoration. The ease with which hackers accessed sensitive information without sophisticated techniques raises questions about security protocols. Cognizant has yet to respond to these claims.
(With inputs from agencies.)
Google News