Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Scattered Spider victim Clorox sues helpdesk provider | Computer Weekly

By Computer Weekly by By Computer Weekly
July 24, 2025
Home Uncategorized
Share on FacebookShare on Twitter


IT services provider Cognizant is facing a multimillion-dollar lawsuit from one of its customers, which claims lax security procedures enabled the Scattered Spider hacking collective – blamed for the attacks on Marks & Spencer and Co-op Group – to access its systems by convincing a Cognizant helpdesk employee to reset a password.

The August 2023 incident saw business at Clorox – a household name in cleaning products in the US – badly disrupted after it was forced to suspend production and shipping in the wake of the social engineering attack. It is thought to have cost the organisation almost $400m.

In the lawsuit, filed in the California Superior Court, Clorox accused Cognizant of repeatedly giving a cyber criminal access to its network by handing them credentials without authenticating them or otherwise following basic cyber security processes.

“Cognizant provided the service desk that Clorox employees could contact when they needed password recovery or reset assistance,” said Clorox in its complaint. “Cognizant’s operation of the service desk came with a simple, common-sense requirement: never reset anyone’s credentials without properly authenticating them first. Clorox made this easy for Cognizant by providing them with straightforward procedures to follow.

“Despite assuring Clorox that it was following these procedures, Cognizant’s conduct on 11 August 2023 demonstrated spectacularly that it was failing to do so…. Cognizant’s failures resulted in a catastrophic cyber attack on Clorox.”

Clorox’s complaint alleges that on 11 August, Cognizant’s service desk received a call from a hacker requesting a reset of an individual’s password – this person is identified in the complaint as Employee 1 – for the Okta identity management tool.

It said the hacker told Cognizant they could not connect to the VPN without a password, following which the customer support agent “unilaterally” reset the password without questioning the caller or verifying their identity. It claimed this was in direct violation of its support procedures.

At this point, Clorox’s complaint continues, the hacker tried their luck again and asked for a reset of their Microsoft multifactor authentication (MFA). Again, it says, this was done without verification.

Cognizant – displaying a shocking level of incompetence – failed over and over at the most basic level and enabled a cyber criminal to gain a foothold in Clorox’s network
Clorox’s legal complaint against Cognizant

After conducting two follow-up calls to again reset Employee 1’s Okta and Microsoft passwords, the hacker then convinced Cognizant’s agent to reset the phone number Employee 1 used for SMS MFA.

Clorox said that at no point during all of this did Cognizant’s agent verify the caller was the right person, or follow any of its identity support procedures, which had been updated a few months earlier.

“Cognizant – displaying a shocking level of incompetence – failed over and over at the most basic level and enabled a cyber criminal to gain a foothold in Clorox’s network,” said the complainant.

The complaint goes on to detail how, having accessed its systems, Scattered Spider then targeted Employee 2, an individual working on Clorox’s cyber security team, and used the same playbook to reset that person’s credentials. This enabled the gang to elevate their privileges within Clorox’s IT systems, establish persistence and begin lateral movement.

Clorox said it detected the intrusion within three hours and took action to eject the hackers from its network, but not before being forced to pull the plug on multiple critical systems.

On the basis of these alleged failings, claims that Cognizant intentionally misled Clorox into believing its staff were trained on its policies and procedures, and additional claims of “ongoing incompetence” that allegedly impeded the incident response efforts, Clorox is seeking to recover $49m in direct remediation damages and $380m in total.

In a statement shared with Computer Weekly’s sister title Cybersecurity Dive, a Cognizant spokesperson said: “It is shocking that a corporation the size of Clorox had such an inept internal cyber security system to mitigate this attack.

“Clorox has tried to blame us for these failures, but the reality is that Clorox hired Cognizant for a narrow scope of helpdesk services, which Cognizant reasonably performed. Cognizant did not manage cyber security for Clorox.”



Source link

By Computer Weekly

By Computer Weekly

Next Post
5G SA Adoption Accelerates 5G MCN Market Growth to 6 Percent CAGR; AI Set to Drive Next Wave, According to Dell’Oro Group

5G SA Adoption Accelerates 5G MCN Market Growth to 6 Percent CAGR; AI Set to Drive Next Wave, According to Dell'Oro Group

Recommended.

U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing 0K Crypto Transfers and M+ Profits

U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits

August 28, 2025
Amazon AI chief exits, triggering leadership shakeup

Amazon AI chief exits, triggering leadership shakeup

December 17, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio