- The Violation of Clorox 2023 occurred when a threat actor usually usually resets his skills securities
- Clorox maintains that cognizant has not followed standard procedures
- Cognizant says cybersecurity was not his job to start
Clorox is continuing its Cognizant IT service provider following a 2023 Ransomware attack which cost the company millions of dollars in damages.
Recently filed with the Superior Court of California, the trial indicates that the cognizant is prosecuted for breach of contract, violation of the alliance of good faith and the equitable offer, of serious negligence and the intentional false declaration.
In 2013, Cognizant was hired to operate the Clorox employee service service, which included tasks such as password recovery, resetting identification information and IT support for staff members. In 2023, a cybercriminal called a conscious employee on the phone, said that it was a Clorox employee and had asked for a password and a multi-faters’ authentication recovery (MFA), as they lost access to their account.
Who is it, anyway?
In the file, CLOROX maintains that the conscious employee has complied as a result of procedures established on the verification of identity, providing alleged transcriptions of telephone calls between the attacker and the cognizant employee who would have proven that the reset of the password was granted on site.
Once the attackers had access, they reset the MFA tokens, changed the phone numbers linked to SMS authentication, the deactivated cybersecurity tools and the sensitive files exfiltrated from the system.
Consequently, Clorox had to close its systems, take a manufacturing break and rely on the processing of manual commands for weeks. This would have resulted in hundreds of millions of dollars in sales and reputation damage.
Clorox now requests $ 49 million in direct damages, as well as $ 380 million in damages.
In response to the trial, Cognizant told the press that it was not their work to defend the computer network against attacks.
Talk to Bleeping CompomputeA company spokesman said: “It is shocking that a company the size of Clorox had an internal cybersecurity system as inept to alleviate this attack. Clorox tried to blame us for these failures, but the reality is that Clorox hired the cognizant failed to manage cybersecurity for the climax.
