Clorox (CLX.N) has sued its IT provider Cognizant (CTSH.O), alleging that a 2023 cyberattack, which caused $380 million in damages, occurred because Cognizant's staff provided hackers with employee passwords simply upon request without proper verification. The lawsuit claims the 'Scattered Spider' group exploited this basic social engineering vulnerability, leading to $50 million in remedial costs and the majority of damages from Clorox's inability to ship products. This case underscores severe third-party cybersecurity risks and the substantial financial liabilities tied to inadequate IT service desk protocols.
Clorox (CLX) is suing its IT services provider Cognizant (CTSH) to recover $380 million in damages stemming from a 2023 cyberattack. The lawsuit alleges a severe failure in fundamental security protocols, claiming the breach was not the result of a sophisticated hack but rather of Cognizant's service desk staff providing credentials directly to cybercriminals upon request, without basic identity verification. The financial impact on Clorox was substantial, comprising approximately $50 million in direct remedial costs and a larger sum attributable to operational disruption and the inability to ship products. This event highlights the material financial and reputational risks associated with third-party vendor management. For Cognizant, the allegations of gross negligence in the lawsuit, supported by partial transcripts, represent a significant threat to its reputation as a trusted IT provider and pose a direct risk of legal liability. For Clorox, the incident demonstrates its operational vulnerability to its vendors' security posture, a critical risk factor that resulted in a material negative impact on its business.
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
strongly negative
Sentiment Score
-0.75
Ticker Sentiment
