Ethical Hacking News
Clorox is suing Cognizant for $380M after hackers exploited a vulnerability in Cognizant's help desk to gain unauthorized access to Clorox's IT network.
Hackers used social engineering tactics to gain unauthorized access to Clorox's IT network through a Cognizant help desk. Cognizant's help desk failed to properly verify the identity of a hacker who called in requesting password resets, allowing the hacker to gain access to the network. The cyberattack caused widespread disruption and damage to Clorox's corporate network, manufacturing, and business operations. Clorox is suing Cognizant for gross negligence, seeking $49 million in direct remediation damages and $380 million in total damages. The incident highlights the importance of proper security procedures, identity verification, and adequate training for IT service providers and their clients.
Hackers successfully fooled a help desk at IT giant Cognizant, resulting in a devastating and costly cyberattack on consumer goods company Clorox. The incident, which occurred in August 2023, involved hackers using social engineering tactics to gain unauthorized access to Clorox's IT network.
According to a complaint filed by Clorox against Cognizant, the help desk in question was operated by Cognizant and provided service desk support and identity management services to Clorox. Clorox had contracted Cognizant to handle its IT operations from 2013 to 2023. However, the help desk failed to properly verify the identity of a hacker who called in requesting password resets for multiple employees.
The complaint alleges that, according to call recordings, the hacker made several calls to the help desk on August 11, 2023, pretending to be a Clorox representative and requesting password and multi-factor authentication (MFA) resets. The agent handling the calls failed to verify the caller's identity or follow proper procedures before changing the employees' passwords. The hacker was also able to reset another employee's MFA credentials without any verification.
As a result of these actions, Cognizant provided the hacker with access to Clorox's IT network. The threat actors then used this access to spread the attack to other devices within the network, causing widespread disruption and damage.
Clorox is now suing Cognizant for gross negligence, alleging that the company enabled the cyberattack by failing to properly verify the identity of the hacker. The lawsuit claims that Cognizant's actions paralyzed Clorox's corporate network, halted manufacturing, and caused significant business interruption and product shortages.
The complaint also alleges that Cognizant failed to provide adequate incident response and disaster recovery support services, leading to delays in containment measures and further damage. As a result of the cyberattack, Clorox is seeking $49 million in direct remediation damages and $380 million in total damages from Cognizant.
In recent years, there have been several high-profile cases of hackers using social engineering tactics to exploit vulnerabilities in IT systems. The use of these tactics has become increasingly sophisticated, with attackers often targeting companies that provide support services to other organizations. The case involving Clorox and Cognizant highlights the importance of proper security procedures and identity verification for help desk agents.
The incident also raises questions about the adequacy of contract terms between IT service providers and their clients. In this case, Clorox had contracted Cognizant to handle its IT operations, but failed to provide adequate training or support to ensure that Cognizant's help desk was properly equipped to deal with such situations.
In a broader sense, the incident serves as a reminder of the ongoing threat posed by cyberattacks and the importance of robust cybersecurity measures. As companies continue to rely on outsourced IT services, they must also prioritize their own security protocols to prevent similar incidents from occurring.
The case is set to have significant implications for both Clorox and Cognizant, and serves as a cautionary tale for companies that underestimate the risks posed by cyberattacks. It also highlights the need for greater transparency and accountability in the IT services industry, particularly when it comes to identity verification and security procedures.
Related Information:
https://www.ethicalhackingnews.com/articles/Hackers-Exploit-Cognizants-Help-Desk-Vulnerability-for-380M-Cyberattack-ehn.shtml
https://www.bleepingcomputer.com/news/security/hackers-fooled-cognizant-help-desk-says-clorox-in-380m-cyberattack-lawsuit/
Published: Wed Jul 23 22:30:50 2025 by llama3.2 3B Q4_K_M