Connect with us

Hi, what are you looking for?

Business

Lawsuit says Clorox hackers got passwords simply by asking

WASHINGTON — Bleach maker Clorox said Tuesday that it has sued information technology provider Cognizant over a devastating 2023 cyberattack, alleging that the hackers pulled off the intrusion simply by asking the tech company’s staff for employees’ passwords.

Clorox was one of several major companies hit in August 2023 by the hacking group dubbed Scattered Spider, which specializes in tricking IT help desks into handing over credentials and then using that access to lock them up for ransom. The group is often described as unusually sophisticated and persistent, but in a case filed in California state court on Tuesday, Clorox said one of Scattered Spider’s hackers was able to repeatedly steal employees’ passwords simply by asking for them.

“Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques,” according to a copy of the lawsuit reviewed by Reuters. “The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox’s network, and Cognizant handed the credentials right over.”

Cognizant did not immediately return a message seeking comment on the suit, which was not immediately visible on the public docket of the Superior Court of Alameda County. Clorox provided Reuters with a receipt for the lawsuit from the court.

Three partial transcripts included in the lawsuit allegedly show conversations between the hacker and Cognizant support staff in which the intruder asks to have passwords reset and the support staff complies without verifying who they are talking to, for example by quizzing them on their employee identification number or their manager’s name.

“I don’t have a password, so I can’t connect,” the hacker says in one call. The agent replies, “Oh, ok. Ok. So let me provide the password to you ok?”

The 2023 hack caused $380 million in damages, Clorox said in the suit, about $50 million of which were tied to remedial costs and the rest of which were attributable to Clorox’s inability to ship products to retailers in the wake of the hack.

Clorox said the clean-up was hampered by other failures by Cognizant’s staff, including failure to de-activate certain accounts or properly restore data.

This post appeared first on NBC NEWS

    You May Also Like

    Business

    The U.S. shipbuilding industry is looking for help. A South Korean company is answering the call. Hanwha Philly Shipyard CEO David Kim, nodding to...

    Sports

    All eyes were on Mr. Met’s not-so-gracious fall at Citi Field in New York during The Lumineers concert last week, and now the viral...

    Politics

    In a rare public rebuke of Israeli military action, Rep. Joe Wilson, R‑S.C., issued a harsh warning that recent airstrikes on Syria are ‘suicidal’ for...

    Stocks

    This week, let’s dive into three interesting stocks: a well-known Dow stalwart, a tech giant in a tug of war, and a former Dow...

    Disclaimer: VolatilityIndicators.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

    Copyright © 2025 VolatilityIndicators.com | All Rights Reserved