CyberSecurityBoard
Sponsor Register Login

Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers

The 87-page complaint, lodged Tuesday in Alameda County Superior Court, alleges that Cognizant agents repeatedly reset passwords and multi-factor authentication (MFA) tokens for callers who posed as Clorox employees without asking a single security question. Clorox says it had provided Cognizant with strict credential-reset protocols such as verifying a manager’s name and sending confirmation emails, but that the vendor falsely assured the company its staff had been “educated” on the rules months before the breach. For now, Clorox says it has rebuilt its networks and returned to automated order processing, while Cognizant faces intensified scrutiny over how a routine support call spiraled into a crisis with sweeping operational and legal fallout. The Clorox Company, a leading household goods manufacturer, has filed a $380 million lawsuit against IT services provider Cognizant Technology Solutions. Clorox contends that misplaced trust allowed the Scattered Spider social-engineering group to paralyze manufacturing lines, force manual order processing, and incur roughly $49 million in remediation costs, as well as hundreds of millions in lost sales. According to the filing, the vendor took more than an hour to reinstall a security tool after the intruder disabled it, supplied an incorrect list of managed IP addresses, and dispatched engineers who lacked basic knowledge of Clorox’s environment, forcing the manufacturer to hire another firm. The lawsuit accuses Cognizant’s help-desk agents of inadvertently providing hackers with access to Clorox’s network during a security breach in August 2023. “Clorox hired Cognizant for a narrow scope of help-desk services, which Cognizant reasonably performed,” a company spokesperson said in an emailed statement Wednesday. Beyond the initial access, Clorox accuses Cognizant of botching the emergency response. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 23 Jul 2025 11:50:06 +0000


Cyber News related to Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers

Clorox lawsuit says help-desk contractors handed over passwords in 2023 cyberattack | The Record from Recorded Future News - Cleaning product giant Clorox has filed a lawsuit against Cognizant, a company it hired to operate its IT services call-in help desk, accusing the contractor of being directly responsible for a 2023 cyberattack that cost hundreds of millions. In ...
7 hours ago Therecord.media
Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit - However, the complaint alleges that on August 11, 2023, recordings show that a cybercriminal called Cognizant's Service Desk multiple times, pretending to be a Clorox representative requesting password and multi-factor authentication resets. Clorox's ...
3 hours ago Bleepingcomputer.com
Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers - The 87-page complaint, lodged Tuesday in Alameda County Superior Court, alleges that Cognizant agents repeatedly reset passwords and multi-factor authentication (MFA) tokens for callers who posed as Clorox employees without asking a single security ...
9 hours ago Cybersecuritynews.com Scattered Spider
Clorox says cyberattack caused $49 million in expenses - Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident. Clorox is an American manufacturer of consumer and professional cleaning products with 8,700 employees ...
1 year ago Bleepingcomputer.com Scattered Spider
Employee giving and volunteerism drives positive business outcomes - Cisco was honored last year to win the top spot on People's 2023 List of Companies That Care, and a key factor was our employee culture of giving back. We've been on a multi-year journey to engage our employees for positive impact at scale. Not only ...
1 year ago Feedpress.me
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
1 year ago Cyberdefensemagazine.com
Clorox counts the cost of cyberattack - Cleaning products maker Clorox has reported losses of $49 million in connection to a cyberattack it suffered in August of last year. On Monday, August 14, 2023, Clorox disclosed it had identified unauthorized activity on some of its IT systems. ...
1 year ago Malwarebytes.com
Password Advice for the Rest of Us - Cisco Blogs - The key function you’re wanting out of a password manager is the ability to create passwords that are at least twenty (20) characters long, with all the typical mix of letters, numbers and symbols, as well as the ability to create a unique password ...
9 months ago Feedpress.me
How to Share a Wi-Fi Password: A Step-by-Step Guide - You can unsubscribe at any ...
9 months ago Techrepublic.com
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
1 year ago Bloomberg.com LockBit
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com
Securden Password Vault Review 2024: Security, Pros & Cons - Securden Password Vault is a password management solution geared towards supervising multiple accounts and sensitive login credentials. Yes, Securden Password Vault can be accessed for free. If you're looking for an enterprise-level password solution ...
1 year ago Techrepublic.com
How To Assess MDR Providers with MITRE ATT&CK Steps - It has become essential for organizations to leverage managed detection and response (MDR) solutions in order to protect their systems and data from the ever-increasing number of cybersecurity threats. However, when assessing potential MDR providers, ...
2 years ago Csoonline.com
Understand the pros and cons of enterprise password managers - To counter these threats, corporate IT security teams are turning to business-grade password managers to help centralize and streamline password and credential management. A password manager is a credential vault that gives IT teams a unified digital ...
1 year ago Techtarget.com
6 Best Enterprise Password Managers for 2024 Rated - Password managers are security tools that store, manage, and share authorization credentials safely for individual users and groups. In this article, I evaluate the top password managers and their ability to deliver and support solutions for ...
1 year ago Esecurityplanet.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
1 year ago Bleepingcomputer.com
Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
1 year ago Techrepublic.com
Cofense enhances PhishMe to identify engagement and resilience gaps across all employee levels - Cofense unveiled new enhancements to its PhishMe Employee Security Awareness Training Platform. Employee Engagement Index, is set to transform how organizations manage email security risks. The introduction of the Employee Engagement Index transforms ...
1 year ago Helpnetsecurity.com
Protect your Active Directory from these Password-based Vulnerabilities - Deploying a security solution like Specops Password Policy enhances the protection of passwords, which are frequently exploited as an initial entry point by attackers. In this attack, the perpetrator, typically using a compromised low-level account ...
1 year ago Bleepingcomputer.com
How Human Elements Impact Email Security - Human factors heavily influence email security, with individuals' vulnerability to phishing and social engineering playing a crucial role in compromising email systems. From an employee clicking on a spam link to accidentally giving out their ...
1 year ago Hackread.com
Top 6 LastPass Alternatives for 2024 - LastPass is a popular choice for managing passwords and sensitive information for individuals and businesses. While the tool still enjoys global patronage, it's not a bad idea to consider other password managers that can serve as worthy alternatives ...
1 year ago Techrepublic.com
The Ethics And Privacy Concerns Of Employee Monitoring: Insights From Data Privacy Expert Ken Cox - Despite the technological advancements brought by automation and the enhanced capabilities of data analytics that have transformed decision-making processes, the digital age has proved to be a double-edged sword with an unsettling rise in employee ...
1 year ago Cyberdefensemagazine.com
LastPass is enforcing some security changes to user accounts - LastPass is making some changes to enhance the security of its to user accounts. The news comes as a follow-up to the company's plans to enforce stronger passwords a few months ago. ADVERTISEMENT. A brief recap of the LastPass security breaches. ...
1 year ago Ghacks.net
Hackers breach Australian court hearing database - The court system for Australia's second-most-populated state was hit by a ransomware attack that potentially exposed sensitive recordings of some court hearings. Court Services Victoria, an administrative body that supports the operations of the ...
1 year ago Therecord.media Qilin
FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches - In January, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Sichuan Juxinhe Network Technology, a Chinese cybersecurity firm believed to be directly involved in the Salt Typhoon telecom ...
2 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)