Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

After $380M Hack, Clorox Sues Its “Service Desk” Vendor for Simply Giving Out Passwords

ALAMEDA COUNTY, CALIFORNIA, JUL 23 – Clorox alleges Cognizant's failure to verify credentials enabled a $380 million cyberattack by the Scattered Spider group, causing major operational disruption and product shortages.

  • On August 11, 2023, Scattered Spider hackers breached Clorox’s corporate network by social-engineering calls to Cognizant’s help desk, enabling unauthorized access.
  • From 2013 to 2023, Cognizant served as Clorox’s IT provider, agents failed to follow credential support procedures, and Clorox is seeking $380,000,000 in damages.
  • According to the complaint, at no point during any of the calls did the Agent verify that the caller was in fact Employee 1, and the hacker offered credentials verbally.
  • After detecting the intrusion in three hours, Cognizant’s errors paralyzed Clorox’s network and halted manufacturing, and Clorox ejected the intruder within five days.
  • This incident underscores the need for robust authentication protocols, as Scattered Spider recently used similar tactics against UK retailers Marks & Spencer and Co-op.
Insights by Ground AI
Does this summary seem wrong?

19 Articles

Tech RadarTech Radar
Center

Clorox sues Cognizant for "giving away" passwords which led to major breach

Clorox is suing Cognizant for "gross negligence" - but it says cybersecurity wasn't its job to perform in the first place.

·United Kingdom
Read Full Article
Ars TechnicaArs Technica
Reposted by
TechcraticTechcratic
Center

After $380M hack, Clorox sues its “service desk” vendor for simply giving out passwords

Hacking is hard. Well, sometimes. Other times, you just call up a company's IT service desk and pretend to be an employee who needs a password reset, an Okta multifactor authentication reset, and a Microsoft multifactor authentication reset... and it's done. Without even verifying your identity. So you use that information to log in to the target network and discover a more trusted user who works in IT security. You call the IT service desk back…

·United States
Read Full Article
The RegisterThe Register
Center

Lawsuit claims attacker asked Cognizant for Clorox passwords

: Hand us the mind bleach, we want to flush our memories of attack

Read Full Article
BleepingComputerBleepingComputer
Center

Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit

Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive August 2023 cyberattack by resetting an employee's password for a hacker without first verifying their identity.

Read Full Article
Cybersecurity DiveCybersecurity Dive
Center

Clorox files $380 million suit blaming Cognizant for 2023 cyberattack

The attack, linked to Scattered Spider, disrupted production of household cleaners and other goods.

Read Full Article
The Hindu Business LineThe Hindu Business Line
Lean Right

US firm Clorox sues Cognizant for $380 million over a 2023 cyberattack

Clorox sues Cognizant for $380 million over cyber hack, alleging tech company's negligence led to massive losses.

·New Delhi, India
Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 83% of the sources are Center
83% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

The Hindu Business Line broke the news in New Delhi, India on Wednesday, July 23, 2025.
Sources are mostly out of (0)

Similar News Topics

Hacking icon

Hacking

Technology icon

Technology

Cyber Security icon

Cyber Security

News
For You
SearchBlindspotLocal