Clorox Sues Cognizant Over 2023 Cyberattack Damages
▼ Summary
– Clorox is suing its former IT service desk provider, Cognizant, for a 2023 cyber-attack that caused $49 million in damages and operational disruptions.
– The lawsuit alleges Cognizant failed to follow security protocols, enabling hackers to access Clorox’s network without proper authentication.
– The cyber-attack forced Clorox to take systems offline, leading to weeks of supply chain disruptions and delayed production.
– Clorox seeks $380 million in damages, while Cognizant denies responsibility, claiming its role was limited to help desk services.
– A January 2024 SEC filing revealed $49 million in expenses tied to the attack, and Clorox later adjusted sustainability goals due to the disruption.
Clorox has filed a lawsuit against IT services firm Cognizant, alleging negligence that led to a devastating cyberattack in 2023. The household products giant claims the breach caused $49 million in damages and months of operational chaos, with the company now seeking $380 million in compensation.
According to court documents filed in California, Cognizant allegedly bypassed basic security protocols, allowing hackers to infiltrate Clorox’s systems. Shockingly, call recordings reportedly show Cognizant employees providing network access without proper verification. Once inside, attackers exploited these credentials to launch a full-scale cyber assault.
Mary Rose Alexander, Clorox’s legal representative, didn’t mince words: “Cognizant didn’t just fail, they handed our network directly to cybercriminals.” She emphasized that the breach wasn’t just a lapse but a blatant disregard for established security measures.
The attack, detected in August 2023, forced Clorox to shut down critical IT systems, severely disrupting production and order fulfillment. Despite emergency recovery efforts, operations remained unstable for weeks, leading to supply chain bottlenecks and financial losses. A subsequent SEC filing confirmed the $49 million hit, while the company later admitted the incident even derailed some of its sustainability targets.
Cognizant, however, denies responsibility. The company insists its role was limited to help desk support and argues Clorox’s own cybersecurity shortcomings were to blame. “Clorox’s internal defenses were shockingly inadequate,” a spokesperson countered, dismissing the lawsuit as misplaced blame.
The legal battle highlights growing tensions between corporations and third-party vendors over cybersecurity accountability. With cyberattacks becoming increasingly costly, this case could set a precedent for how businesses pursue damages after breaches linked to external partners.
Editor’s note: This article was updated to include Cognizant’s official response.
(Source: InfoSecurity Magazine)
