Clorox Sues Cognizant Over 2023 Cyberattack, Hackers Obtained Passwords by Requesting Them
ByAinvest
Thursday, Jul 24, 2025 1:53 pm ET1min read
CLX--
The incident, which occurred in August 2023, resulted in Clorox suffering $380 million in damages and forced the company to take its systems offline. Clorox claims that Cognizant's failure to follow established cybersecurity protocols, such as verifying the identity of individuals requesting password resets, directly led to the attack [1].
Cognizant, which did not respond to requests for comment, has been accused of repeatedly ignoring Clorox's password reset policies. According to the lawsuit, Cognizant employees reset passwords and multi-factor authentication (MFA) credentials for hackers without verifying their identities, allowing the cybercriminals to gain access to Clorox's network [1].
The lawsuit also highlights the use of social engineering tactics by the hackers, who posed as Clorox employees to obtain the necessary credentials. Clorox reported operational issues and a 6% decrease in sales volume in the six months following the attack, as well as significant costs associated with remediation efforts [1].
Clorox has demanded that Cognizant cover the $380 million in damages and pay punitive damages. The company has also indicated that it has received insurance recoveries of $100 million related to the cyberattack [1].
This lawsuit underscores the critical importance of robust cybersecurity measures and the need for IT service providers to adhere to stringent protocols to prevent such incidents. As cyberattacks become increasingly sophisticated, companies must prioritize secure practices to protect their networks and sensitive data.
References:
[1] https://therecord.media/clorox-cyberattack-lawsuit-cognizant-it-contractor
CTSH--
Clorox is suing IT provider Cognizant over a 2023 cyberattack, claiming hackers accessed their network by asking Cognizant staff for employee passwords. According to the lawsuit, Cognizant handed over the credentials without being duped by any hacking techniques. The incident highlights the importance of robust cybersecurity measures to prevent such attacks.
In a significant legal move, cleaning product giant Clorox has filed a lawsuit against Cognizant, an IT services contractor, accusing the latter of being directly responsible for a 2023 cyberattack that caused substantial financial damage. The lawsuit, filed in California Superior Court, alleges that Cognizant's help desk workers repeatedly handed over crucial login information to hackers, leading to the breach [1].The incident, which occurred in August 2023, resulted in Clorox suffering $380 million in damages and forced the company to take its systems offline. Clorox claims that Cognizant's failure to follow established cybersecurity protocols, such as verifying the identity of individuals requesting password resets, directly led to the attack [1].
Cognizant, which did not respond to requests for comment, has been accused of repeatedly ignoring Clorox's password reset policies. According to the lawsuit, Cognizant employees reset passwords and multi-factor authentication (MFA) credentials for hackers without verifying their identities, allowing the cybercriminals to gain access to Clorox's network [1].
The lawsuit also highlights the use of social engineering tactics by the hackers, who posed as Clorox employees to obtain the necessary credentials. Clorox reported operational issues and a 6% decrease in sales volume in the six months following the attack, as well as significant costs associated with remediation efforts [1].
Clorox has demanded that Cognizant cover the $380 million in damages and pay punitive damages. The company has also indicated that it has received insurance recoveries of $100 million related to the cyberattack [1].
This lawsuit underscores the critical importance of robust cybersecurity measures and the need for IT service providers to adhere to stringent protocols to prevent such incidents. As cyberattacks become increasingly sophisticated, companies must prioritize secure practices to protect their networks and sensitive data.
References:
[1] https://therecord.media/clorox-cyberattack-lawsuit-cognizant-it-contractor
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PROEditorial Disclosure & AI Transparency: Ainvest News utilizes advanced Large Language Model (LLM) technology to synthesize and analyze real-time market data. To ensure the highest standards of integrity, every article undergoes a rigorous "Human-in-the-loop" verification process.
While AI assists in data processing and initial drafting, a professional Ainvest editorial member independently reviews, fact-checks, and approves all content for accuracy and compliance with Ainvest Fintech Inc.’s editorial standards. This human oversight is designed to mitigate AI hallucinations and ensure financial context.
Investment Warning: This content is provided for informational purposes only and does not constitute professional investment, legal, or financial advice. Markets involve inherent risks. Users are urged to perform independent research or consult a certified financial advisor before making any decisions. Ainvest Fintech Inc. disclaims all liability for actions taken based on this information. Found an error?Report an Issue
ABOUT US
Our StoryNews AuthorsKnowledge BasePrivacy PolicyTerm of UseThird Party Brokerage DisclaimerAIME Terms of UseAInvest AI Risk DisclosuresCareersCONTACT US
Email: support@ainvest.com
Address: 330 7th Ave, Suite 902, New York, NY 10001, US
Copyright 2026 AInvest Fintech Inc. All rights reserved.
Comments
No comments yet