- The violation of chlorox 2023 occurred when a threat actor passed through an employee and his credentials were restored
- Chlorox argues that Cognizant did not follow standard procedures
- Cognizant says that cybersecurity was not his job to begin
Chlorox is demanding its Ti Cognizant service provider after a 2023 ransomware attack that cost the company millions of dollars in damage.
Recently filed before the Superior Court of California, the lawsuit says that Cognizant is being sued for breach of contract, breach of the Pact of good faith and fair treatment, serious negligence and intentional misrepresentation.
In 2013, Cognizant was hired to operate the chlorox employees service table, which included tasks such as password recovery, credential reset and IT support for employees. In 2023, a cybercriminal called a conscious employee of the phone, said they were a chlorox employee and requested a password and recovery of multiple factors (MFA), since they lost access to their account.
Who is the work, anyway?
In the presentation, Clorox argues that the conscious employee complied without following the established procedures on identity verification, providing alleged transcripts of telephone calls between the attacker and the conscious employee who allegedly proved that the password restart was granted in place.
Once the attackers obtained access, the MFA tokens changed, they changed the telephone numbers linked to the authentication of SMS, the disabled cyber security tools and the sensitive files ex -struggled of the system.
As a result, Chlorox had to close their systems, stop manufacturing and trust manual orders processing for weeks. This supposedly resulted in hundreds of dollars in lost sales and reputation damage.
Chlorox is now looking for $ 49 million in direct remediation damage, as well as $ 380 million in total damage.
In response to the demand, Cognizant told the press that it was not his work to defend the TI network of the attacks.
Talking with BleepingcomputerA company spokesman said: “It is shocking that a corporation of chlorox size had a internal cybersecurity system so inept to mitigate this attack. Chlorox has tried to blame us for these failures, but the reality is that Clorx hired Cognizant for a narrow scope of aid desktop services that the cognizer reasonably performed.
