Cognizant calls Clorox’s cyber team ‘inept’, accuses it of shifting blame

IT services firm Cognizant has responded to a lawsuit filed against it by bleach manufacturer Clorox, after it accused the IT firm of being responsible for a 2023 cyber attack.

Earlier this week, Clorox filed a lawsuit against Cognizant following a 2023 cyber attack through which threat actors used credentials to log into the cleaning product maker’s systems and launch a ransomware.

The lawsuit alleges that the threat actor simply asked the Cognizant service desk, which was provided for use by Clorox, for the credentials.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

“Cognizant repeatedly gave a cyber criminal access to Clorox’s network by handing them credentials without properly authenticating them or otherwise following Clorox’s process,” Clorox said.

“Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques. The cyber criminal just called the Cognizant Service Desk, asked for credentials to access Clorox’s network, and Cognizant handed the credentials right over.”

However, in an extended statement, Cognizant has bit back at Clorox’s claims, denying that it was to blame for the incident and that it was instead the fault of Clorox’s lacklustre cyber teams.

“It is shocking that a corporation the size of Clorox had such an inept internal cyber security system to mitigate this attack,” Cognizant said.

“Clorox has tried to blame us for these failures, but the reality is that Clorox hired Cognizant for a narrow scope of help desk services, which Cognizant reasonably performed,” the company added, the same words as in the statement seen by Reuters and reported by Cyber Daily this week.

Clorox’s lawsuit, which was filed in the California Superior Court, is suing the company for US$380 million, the amount the company suffered in damages as a result of the cyber attack.

VIEW ALL

The total of US$380 million in damages was largely as a result of Clorox’s inability to ship its product to retailers, leading to a halt in sales. However, US$50 million of the total was spent in the company’s recovery process.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

Cognizant calls Clorox’s cyber team ‘inept’, accuses it of shifting blame

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED