Editor’s Note: The story has been updated with statement from Cognizant
Clorox Company (NYSE:CLX) has accused IT services provider Cognizant Technology Solutions Corp (NASDAQ:CTSH) of gross negligence and breach of trust after a cyberattack caused widespread disruption and nearly $380 million in damages.
According to Clorox, the root cause of the attack was Cognizant's failure to follow basic cybersecurity protocols it had agreed to uphold under a long-standing partnership.
For more than a decade, Clorox relied on Cognizant to operate its employee service desk, including tasks such as password recovery and credential resets.
The responsibility came with a clear requirement: no credentials would be reset without properly authenticating the requester. Despite repeated assurances, Cognizant allegedly failed to follow these procedures.
In an emailed statement to Benzinga, Cognizant spokesperson said, “It is shocking that a corporation the size of Clorox had such an inept internal cybersecurity system to mitigate this attack. Clorox has tried to blame us for these failures, but the reality is that Clorox hired Cognizant for a narrow scope of help desk services which Cognizant reasonably performed. Cognizant did not manage cybersecurity for Clorox.“
On Aug. 11, 2023, a cybercriminal contacted the Cognizant-run service desk and was given direct access to Clorox's network credentials without facing any authentication checks.
This lapse happened multiple times that day, giving the attacker unfettered access to the company's systems. Clorox says audio recordings show Cognizant handing over credentials with no verification.
- Cybercriminal: I don't have a password, so I can't connect.
- Cognizant Agent: Oh, ok. Ok. So let me provide the password to you ok?
- Cybercriminal: Alright. Yep. Yeah, what's the password?
- Cognizant Agent: Just a minute. So it starts with the word "Welcome…
The cyberattack that followed crippled Clorox's corporate network, disrupted its supply chain, and significantly impaired its ability to fulfill orders.
According to the lawsuit filed by Clorox, Cognizant's mishandling of the initial credential requests was compounded by a botched incident response and disaster recovery effort, further worsening the damage.
Clorox maintains that Cognizant ignored the company's clearly outlined security procedures, which were designed to prevent exactly such an attack.
Despite touting its cybersecurity expertise and claiming to have trained its service desk staff in these protocols, Cognizant's actions—or inactions—revealed what Clorox called a "devastating lie."
The company says the breach could have been entirely avoided with proper training and adherence to security protocols.
Instead, Clorox was left dealing with over $49 million in direct recovery costs and hundreds of millions more in business interruption losses.
Meanwhile, Cognizant reported $20 billion in revenue in 2024, with no apparent hit to its brand or bottom line.
CTSH Price Action: Cognizant Tech Solns shares were up 0.72% at $77.34 on Wednesday, according to Benzinga Pro. The stock is trading within its 52-week range of $65.52 to $90.82.
Read Next:
Image via Mdisk/Shutterstock
