Slashdot: After $380 Million Hack, Clorox Sues Its ‘Service Desk’ Vendor For Simply Giving Out Passwords

Source URL: https://yro.slashdot.org/story/25/07/23/2018211/after-380-million-hack-clorox-sues-its-service-desk-vendor-for-simply-giving-out-passwords?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot

Summary: The text discusses a cyberattack on Clorox in 2023, where an attacker exploited weak security practices at Cognizant, the company’s outsourced IT service desk provider, to gain unauthorized access. This breach, attributed to a lack of proper identity verification, led to significant financial damage estimated at $380 million.

Detailed Description: The incident serves as a critical reminder of the vulnerabilities associated with outsourcing IT security operations, particularly regarding service desk practices. Key points include:

– **Social Engineering Attack**: The attacker utilized social engineering tactics to impersonate legitimate employees, successfully obtaining sensitive credentials without any effective verification process.

– **Outsourced IT Security**: Clorox had outsourced its service desk operations to Cognizant, which is now facing a lawsuit due to claims of negligence and inadequate employee training.

– **Lack of Authentication**: The breach highlighted significant flaws in the identity verification processes used by Cognizant, exemplifying a failure to implement basic security protocols.

– **Financial Impact**: Clorox seeks restitution of millions from Cognizant for the damages incurred in the attack, which crippled its operational capabilities and led to factory disruptions and logistical challenges.

– **Legal Action**: The lawsuit emphasizes the importance of maintaining rigorous security standards, even in outsourced environments, and aims to hold Cognizant accountable for purportedly failing to adhere to its contractual security standards.

This case underscores the urgency for all organizations, especially those engaged in IT service outsourcing, to implement stringent security measures, including robust authentication processes and employee training, to defend against such social engineering attacks.