Particle.news
Download on the App Store
6 ARTICLES
·
6d ago

Clorox Sues Cognizant for $380 Million Over Cyberattack Help Desk Failures

The bleach maker accuses its long-time IT service provider of breaching contract obligations by handing over network credentials without proper verification.

Cognizant's logo is pictured on a smartphone in this illustration taken, December 4, 2021. REUTERS/Dado Ruvic/Illustration/File Photo
Image
Picture of Clorox products.

Overview

  • Clorox alleges that Scattered Spider hackers exploited lax service desk protocols on August 11, 2023, resetting credentials via simple calls to Cognizant staff without verifying caller identities.
  • The July 2025 complaint includes partial call transcripts showing support agents ignored updated February 2023 credential procedures and granted multiple password and multi-factor authentication resets.
  • Clorox says the breach forced it to take systems offline for containment, halted shipments and disrupted production, resulting in roughly $380 million in total losses, including about $50 million in remediation costs.
  • The suit claims post-attack recovery was hampered when Cognizant took over an hour to reinstall a critical cybersecurity tool that should have taken 15 minutes.
  • The company filed the lawsuit in Alameda County state court in July 2025 seeking $380 million for breach of contract, negligence and related claims, and Cognizant has not publicly responded.