Clorox has filed a lawsuit against IT services provider Cognizant over a 2023 cyberattack that disrupted the bleach-maker's business, alleging the breach happened in a remarkably straightforward fashion. According to the complaint, a hacker associated with the group Scattered Spider simply called Cognizant's help desk and asked for employee credentials—requests that were granted without proper verification, per Reuters. "Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques," the lawsuit claims. "The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over."
Scattered Spider, a group known for targeting help desks, reportedly exploited this lack of protocol rigor to access Clorox's systems. The suit includes transcripts of calls in which the intruder convinced support staff to reset passwords without confirming the caller's identity with questions like an employee ID or a manager's name. In one exchange, the agent agreed to supply a password after the caller said they didn't have one.
The "catastrophic" breach, which occurred in August 2023, cost Clorox an estimated $380 million, the suit notes, per Law360. That includes $50 million in remediation, with the remainder tied to lost sales when the company was unable to ship product. Clorox further claims that recovery efforts were slowed by additional mistakes by Cognizant staff, such as failing to deactivate compromised accounts and not restoring data properly. Cognizant hasn't commented publicly on the suit, which was filed in California state court.
,
uBlock 
,
and
Ghostery 
)
