Clorox Claims Cognizant Handed Credentials To Hacker, Ignored Security Protocols

Clorox Company (NYSE:CLX) has accused IT services provider Cognizant Technology Solutions Corp (NASDAQ:CTSH) of gross negligence and breach of trust after a cyberattack caused widespread disruption and nearly $380 million in damages.

According to Clorox, the root cause of the attack was Cognizant's failure to follow basic cybersecurity protocols it had agreed to uphold under a long-standing partnership.

For more than a decade, Clorox relied on Cognizant to operate its employee service desk, including tasks such as password recovery and credential resets.

Also Read: Clorox Stock Drops After Worse-Than-Expected Q3 Results: ‘Heightened Macroeconomic Uncertainties’ Lowered Sales, CEO says

The responsibility came with a clear requirement: no credentials would be reset without properly authenticating the requester. Despite repeated assurances, Cognizant allegedly failed to follow these procedures.

Cognizant did not immediately respond to Benzinga’s request for comment.

On Aug. 11, 2023, a cybercriminal contacted the Cognizant-run service desk and was given direct access to Clorox's network credentials without facing any authentication checks.

This lapse happened multiple times that day, giving the attacker unfettered access to the company's systems. Clorox says audio recordings show Cognizant handing over credentials with no verification.

• Cybercriminal: I don't have a password, so I can't connect.
• Cognizant Agent: Oh, ok. Ok. So let me provide the password to you ok?
• Cybercriminal: Alright. Yep. Yeah, what's the password?
• Cognizant Agent: Just a minute. So it starts with the word "Welcome…

The cyberattack that followed crippled Clorox's corporate network, disrupted its supply chain, and significantly impaired its ability to fulfill orders.

According to the lawsuit filed by Clorox, Cognizant's mishandling of the initial credential requests was compounded by a botched incident response and disaster recovery effort, further worsening the damage.

Clorox maintains that Cognizant ignored the company's clearly outlined security procedures, which were designed to prevent exactly such an attack.

Despite touting its cybersecurity expertise and claiming to have trained its service desk staff in these protocols, Cognizant's actions—or inactions—revealed what Clorox called a "devastating lie."

The company says the breach could have been entirely avoided with proper training and adherence to security protocols.

Instead, Clorox was left dealing with over $49 million in direct recovery costs and hundreds of millions more in business interruption losses.

Meanwhile, Cognizant reported $20 billion in revenue in 2024, with no apparent hit to its brand or bottom line.

CTSH Price Action: Cognizant Tech Solns shares were up 0.72% at $77.34 on Wednesday, according to Benzinga Pro. The stock is trading within its 52-week range of $65.52 to $90.82.

Read Next:

• Lockheed Martin Confirms Talks With US Over Trump’s $175 Billion ‘Golden Dome’ Missile Shield — CEO James Taiclet Says No Contracts Yet, LMT Is ‘All In’

Image via Mdisk/Shutterstock