Household cleaning products giant Clorox has filed a lawsuit against Cognizant Technology Solutions, accusing the IT services provider of gross negligence that enabled a damaging cyberattack in 2023. According to court documents filed this week in California, Clorox claims that the breach—carried out by the cybercriminal group known as Scattered Spider—was made possible because Cognizant staff handed over employee credentials without following basic verification protocols.
The lawsuit centers around a breach that occurred in August 2023, when Scattered Spider reportedly gained access to Clorox’s internal network. Clorox says the group didn’t use sophisticated tools or hacking software to break in. Instead, the attackers allegedly obtained sensitive login details simply by calling Cognizant’s IT help desk and requesting password resets.
A Breach Without Complexity
According to Clorox, the hacker impersonated a Clorox employee during multiple calls to the Cognizant help desk. In response, the support staff reportedly provided network access credentials without taking necessary steps to confirm the caller’s identity. This lack of verification—such as failing to ask for an employee ID or cross-checking managerial information—allegedly gave the attacker direct access to Clorox’s systems.
Internal transcripts included in the lawsuit show examples of this lapse. In one call, the impersonator mentions being unable to log in, prompting the help desk to reset the password and provide a new one without any apparent vetting.
Clorox argues that this behavior reflects a serious breakdown in Cognizant’s cybersecurity practices. The company claims that the attackers were essentially handed access to sensitive systems—no hacking expertise required.
A Costly Disruption
The aftermath of the attack was devastating for Clorox. The company estimates total damages at approximately $380 million. Of that, around $50 million was spent on recovery efforts—such as restoring IT infrastructure and enhancing security. The bulk of the financial impact, however, came from business interruptions. Clorox experienced delays in manufacturing and shipping, which led to empty shelves at retailers and lost sales across multiple product categories.
Operations were slowed for weeks as the company scrambled to assess the damage, regain control of its systems, and restore normal business functions. According to the complaint, some of the delays were worsened by further errors on Cognizant’s part.
Recovery Missteps Cited
Beyond the initial breach, Clorox claims that Cognizant failed to properly support the cleanup effort. The lawsuit alleges that the IT provider neglected to deactivate compromised accounts and did not effectively restore critical data. These oversights, Clorox says, significantly hindered recovery efforts and added to the financial toll.
The company argues that these continued lapses reflect a broader failure in Cognizant’s cybersecurity framework and response capabilities. What should have been a controlled damage-recovery operation, Clorox alleges, turned into a prolonged crisis due to ineffective support from its IT vendor.
Cognizant Remains Silent
As of now, Cognizant has not publicly commented on the lawsuit. Reuters reported that the legal complaint was not immediately available on the public court docket, but Clorox provided a court-stamped copy confirming the filing in Alameda County Superior Court.
Cognizant, based in New Jersey, is a major IT services firm with clients across healthcare, retail, finance, and other industries. The company has previously promoted its cybersecurity expertise, which makes the allegations in this case particularly damaging to its reputation.
If the court rules in Clorox’s favor, the case could set a precedent for how much liability outsourced IT vendors bear in the event of a cybersecurity failure.
Who is Scattered Spider?
The group behind the attack, Scattered Spider, has become increasingly notorious for targeting large corporations using social engineering tactics. Instead of deploying malware or exploiting technical flaws, the group often focuses on manipulating individuals—especially IT help desks—into sharing credentials or granting access.
These attackers have been linked to several major breaches in recent years, and cybersecurity experts have warned about their persistent and opportunistic nature. The Clorox breach appears to follow the same pattern, where human error or lax procedures open the door to major disruptions.




