Clorox Sues Cognizant for $380M Cyberattack Access Breach

Clorox has sued IT services provider Cognizant for $380 million, alleging that Cognizant's helpdesk staff repeatedly gave cybercriminals access credentials without properly verifying their identities, which led to a debilitating ransomware attack in August 2023. The cyberattack paralyzed Clorox's corporate network and disrupted business operations, causing over $49 million in remediation costs and hundreds of millions in lost revenue due to halted manufacturing and supply chain interruptions. The hacker impersonated a Clorox employee and successfully reset passwords and multi-factor authentication details multiple times by bypassing standard authentication protocols. Cognizant denies wrongdoing, stating its role was limited to helpdesk support and claiming Clorox had inadequate internal cybersecurity measures. The lawsuit also accuses Cognizant of mishandling incident response and disaster recovery efforts, which allegedly worsened the damage. Clorox has maintained that the attack was preventable had proper authentication procedures been followed, while Cognizant insists it reasonably performed its narrow contractual duties.