- The 2023 Clorox breach happened when a threat actor impersonated an employee and got their credentials reset
- Clorox claims that Cognizant did not follow standard procedures
- Cognizant says that cybersecurity was not its job to begin with
Clorox is suing its IT service provider Cognizant following a 2023 ransomware attack that cost the company millions of dollars in damages.
Recently filed with the Superior Court of California, the lawsuit says that Cognizant is being sued for breach of contract, breach of the covenant of good faith and fair dealing, gross negligence and intentional misrepresentation.
Back in 2013, Cognizant was contracted to operate Clorox’s employee service desk, which included tasks such as password recovery, credentials and support for employees. In 2023, a cyber criminal called a Cognizant employee on the phone, said they were a Clorox employee and asked for a password and multi-factor authentication (MFA) recovery, saying they had lost access to their account.
Whose job is it anyway?
In the filing, Clorox claims that the Cognizant employee complied without following established identity verification procedures. The filing provides alleged transcripts of telephone calls between the attacker and the Cognizant employee that allegedly prove the password was reset on the spot.
Once the attacker was given access, they reset the MFA tokens, changed phone numbers related to SMS authentication, disabled cybersecurity tools and exfiltrated sensitive files from the system.
As a result, Clorox had to shut down its systems, halt manufacturing and rely on manual order processing for weeks. This allegedly resulted in hundreds of millions of dollars in lost sales and reputational damage.
Clorox is now seeking $49 million in direct remediation damages as well as $380 million in total damages.
In response to the lawsuit, Cognizant told the press that it was not its job to defend the IT network from attacks.
Talking to BleepingComputer, a spokesman for the company said: “It’s shocking that a company the size of Clorox had such an excellent internal cyber security system to mitigate this attack. Clorox has tried to blame us for these errors, but the reality is that Clorox hired Cognizant for a narrow extent of Helpdesk services, which Cognizant ran. CyberSecurity for Clorox.”



