Clorox and Cognizant had an agreement since 2013 covering service desk and identity management. 
Clorox and Cognizant had an agreement since 2013 covering service desk and identity management. Clorox is suing Cognizant for $380 million, alleging that the IT services giant handed over employee login credentials to a cybercriminal—without verifying identity—leading to a devastating cyberattack that crippled the US household goods manufacturer’s operations.
In a complaint filed in a US court, Clorox claimed Cognizant’s service desk violated basic authentication protocols, enabling a bad actor to breach its network in August 2023. The intruder, posing as a Clorox employee, allegedly requested a password reset over the phone. According to the suit, the Cognizant agent bypassed standard checks and granted access without further verification.
“The resulting cyberattack was debilitating,” Clorox stated in the filing. “It paralysed Clorox’s corporate network and crippled business operations.”
The lawsuit claims the attack inflicted an estimated $380 million in damage, including over $49 million in remedial costs and hundreds of millions in lost revenue due to disrupted shipments and empty shelves across retailers.
Clorox and Cognizant had an agreement since 2013 covering service desk and identity management. The complaint accuses Cognizant not only of facilitating the breach but also of mishandling the aftermath. “Cognizant botched its response and compounded the damage it already caused,” Clorox added.
According to Clorox, the hacker made two calls to Cognizant, both times impersonating the same employee. On the second call, the attacker cited VPN access issues, prompting the help desk to reset the Okta password without challenge—a direct breach of Clorox’s internal protocols.
In response, a Cognizant spokesperson was quoted in a Times of India report as saying: “It is shocking that a corporation the size of Clorox had such an inept internal cybersecurity system. Clorox hired Cognizant for a narrow scope of help desk services, which we reasonably performed. Cognizant did not manage cybersecurity for Clorox.”
The case now pits one of America’s most recognizable consumer brands against one of India’s largest IT firms, in a high-stakes battle over accountability in a digital disaster.
For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine
Relief for stranded flyers: Railways launch special trains, boost coaches. Check details 
IndiGo cancels over 1,000 flights, CEO promises restoration by Dec 15
‘Ahead of schedule’: PM Modi says India-Russia trade to cross $100 bn before 2030 
IndiGo's operational recovery: DGCA grants critical approvals to tackle flight issues 
Netflix to acquire Warner Bros. Discovery's TV, film studios, streaming division for $72 billion
Ground Report From IGI Counters: Stranded Flyers Slam IndiGo Amid Widespread Cancellations
FM Sitharaman Clarifies Cess On Demerit Goods: Fungible Funds For Defence, Public Health Support
India–Russia Trade To Cross $100 Billion Before 2030: PM Modi Fast-Tracks Economic Partnership
Russia Eyes Indian Workforce, New Trade Plan And Tariff Cuts In Major Economic Push
IndiGo CEO Pieter Elbers Admits Worst-Ever Disruption As Over 1,000 Flights Cancelled Nationwide
IndiGo shares slump 9% this week amid 'double whammy' pressure
NHAI gets SEBI nod for Raajmarg InvIT, paving way for public investment in highways
Meesho IPO Day 3: Issue subscribed over 79 times on final day; check allotment date & latest GMP
RBI's bold rate cut signals growth focus as Budget nears
Cloudflare outage briefly hits Zerodha, Groww & other services