Bleach maker Clorox has sued information technology provider Cognizant over a 2023 cyberattack that compromised its network, alleging the hackers gained access by asking staff for employee passwords. The group, dubbed Scattered Spider, tricked IT help desks into handing over credentials and then used that access to lock them up for ransom.
The lawsuit claims that Cognizant’s staff failed to verify who they were talking to before handing over sensitive information, despite being asked repeated questions by the hackers. Cybersecurity experts say this is an example of “social engineering” and “negligence/non-fulfillment of duty.”
Clorox suffered $380 million in damages from the 2023 hack, with $50 million attributed to remedial costs and the rest due to production disruptions. The company claims that Cognizant’s staff failures hampered its clean-up efforts.
Cognizant denies responsibility, stating it was hired for limited help desk services only and did not manage Clorox’s cybersecurity.
Source: https://www.reuters.com/legal/government/clorox-accuses-it-provider-lawsuit-giving-hackers-employee-passwords-2025-07-22