Clorox, a large cleaning products company, has sued Cognizant for $380 million. Cognizant is a big IT services company. Clorox says Cognizant made big mistakes. These mistakes led to a cyberattack in 2023. The attack harmed Clorox’s business and caused major losses.

Clorox Blames Cognizant for Major Security Breach

Clorox says a hacker got into its system by calling Cognizant’s help desk. The hacker just asked for passwords. Clorox claims the help desk gave out login details without checking who was calling. They also did not follow basic safety rules.

The result? The hacker got inside Clorox’s systems and shut down parts of its operations. The breach affected the company’s ability to ship products, fill orders, and keep store shelves stocked. Clorox says it lost hundreds of millions of dollars in revenue due to the interruption in its business.

Clorox filed the lawsuit in the Superior Court of California, County of Alameda and argues that Cognizant could have easily stopped the attack by simply following standard procedures. The company says the mistakes made by Cognizant were “entirely preventable.”

Cybercriminal Got In With a Simple Phone Call

Clorox says the attack was not done using advanced hacking. Instead, the hacker just made phone calls to Cognizant’s help desk. They pretended to be Clorox employees. The hacker asked for login details. Clorox says Cognizant gave the details without checking who was calling.

🔓 Australia’s political inboxes hacked — years of classified documents now in hacker hands

Cognizant was hired by Clorox to provide service desk support — meaning they handled issues like password resets and login help for Clorox employees. Clorox claims that Cognizant failed to verify the caller’s identity before handing over access information.

The attacker used the credentials to break into Clorox’s systems. This caused major damage to the company’s internal network, which is used to manage orders, track shipments, and coordinate manufacturing.

Clorox says its computer systems were damaged, and the company could not function normally for weeks. This caused a huge disruption in its operations and significantly affected its earnings.

The lawsuit states, “The root cause of the cyberattack was Cognizant’s blatant disregard for Clorox’s credential support policies and procedures, industry standards, and the terms of the parties’ Information Technology Services Agreement.”

Cognizant Responds, Shifts Blame to Clorox

Cognizant, in response to the lawsuit, has denied responsibility for the incident. A spokesperson from the company said that Clorox had its own weak internal cybersecurity setup and failed to prevent the attack on its end.

🔐 Dior Hit, Now Vuitton—LVMH Luxury Empire Faces Relentless Cyber Onslaught

Cognizant argued that its role was limited to basic help desk services and that it did not manage or control Clorox’s overall cybersecurity system. According to the company, it fulfilled its duties under the contract and followed reasonable processes for help desk support.

A spokesperson said it was shocking that a big company like Clorox had such a weak cybersecurity system. They said Clorox is blaming Cognizant for problems it caused itself. According to them, Clorox only hired Cognizant for basic help desk support. They also said Cognizant did its job as expected.

The lawsuit comes at a challenging time for Cognizant. The company is already facing legal trouble in a separate case filed by Infosys, another major tech company, involving antitrust issues.

The case between Clorox and Cognizant is still ongoing. It shows how small mistakes in tech support can cause huge losses. It also shows how hackers now use very simple tricks to attack big companies. One such trick is just making a phone call to get into secure systems.