Skip to content

Clorox sues Cognizant for $380 million cyber snafu

  • by
  • 2 min read

Illustration: Supimol Kumying | Shutterstock

Clorox is suing former IT services provider Cognizant for its August 2023 cyberattacks. The company claims that Cognizant is directly responsible for the hack that cost the cleaning products company months of operational disruption and at least $49 million in expenses.

A lawsuit was filed in the California Superior Court on July 22. Clorox goes on to claim that Cognizant failed to follow its password-reset protocols and neglected essential verification measures, which ultimately let hackers gain access to Clorox’s networks. Cognizant is also being held responsible for handing over keys to Clorox’s corporate network to the hackers without proper authentication. The two companies had been working together for a decade by the time of the attack, with their initial Information Technology Services Agreement being signed in 2013.

The breach was caught in August 2023 when Cloros found suspicious activity in its IT systems, an event that was raised to a full cyberattack status within the next few hours. The company was forced to take several of its IT systems offline, eventually leading to widespread delays in production and order processing. Clorox was able to restore operations and address distribution losses eventually, but the recovery took several weeks, severely affecting Clorox’s product availability and financial performance.

This is an image of hacked security illustration 11

A January 2024 filing with the SEC explained that Clorox incurred losses of nearly $49 million in the next six months following the breach. The company’s annual report, published in October 2024, claimed that the company was also reassessing some of its sustainability goals, including a reduction in plastic and waste production before 2030, due to the cyberattack.

Infosecurity Magazine quotes Mary Rose Alexander, partner at Latham & Watkins and outside counsel for Clorox, stating that “Cognizant didn’t just drop the ball. They handed over the keys to Clorox’s corporate network to a notorious cybercriminal group in reckless disregard for Clorox’s policies and long-established cybersecurity standards. It’s all captured on call recordings, and it’s indefensible.”

Overall, the cleaning product manufacturer is seeking $380 million in direct and compensatory damages, in addition to punitive damages caused by the attack.

In the News: Security updates for high-severity flaws issued for Chrome, Firefox

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of dark web hacker security

Security flaw in Dahua CCTVs allows remote access

This is an image of python windows featured

Hackers are targeting Python developers with fake PyPI sites

This is an image of apple featured 2323424823

Apple patches Safari bug; Already exploited in Chrome

This is an image of dark web hacker security

Vibe coding platform breach exposes corporate apps

This is an image of dark web hacker security

Fake apps are stealing data blackmailing users on Asian mobile networks

This is an image of ransomware 32988sd

FBI collects dues from Chaos ransomware gang; $2.4 million in crypto seized

>