Clorox accuses IT provider in lawsuit of giving hackers employee passwords
Clorox was one of several major companies hit in August 2023 by the hacking group dubbed Scattered Spider, which specializes in tricking IT help desks into handing over credentials and then using that access to lock them up for ransom.
The group is often described as unusually sophisticated and persistent, but in a case filed in California state court on Tuesday, Clorox said one of Scattered Spider's hackers was able to repeatedly steal employees' passwords simply by asking for them.
"Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques," according to a copy of the lawsuit, opens new tab reviewed by Reuters. "The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over."
Cognizant, in an emailed statement, pushed back, saying it did not manage cybersecurity for Clorox and it was only hired for limited help desk services.
"Clorox has tried to blame us for these failures, but the reality is that Clorox hired Cognizant for a narrow scope of help desk services which Cognizant reasonably performed," Cognizant said.
The suit was not immediately visible on the public docket of the Superior Court of Alameda County. Clorox provided Reuters with a receipt for the lawsuit from the court.
Three partial transcripts included in the lawsuit allegedly show conversations between the hacker and Cognizant support staff in which the intruder asks to have passwords reset and the support staff complies without verifying who they are talking to, for example by quizzing them on their employee identification number or their manager's name.
"I don't have a password, so I can't connect," the hacker says in one call. The agent replies, "Oh, OK. OK. So let me provide the password to you OK?"
The apparent ease with which the hackers got what they wanted wasn't necessarily an indication that they weren't skilled, said Maxie Reynolds, a security expert who has specialized in social engineering and is not a party to the case.
"They just tried what typically works," she said.
Reynolds said the full transcripts were needed to offer a fair evaluation of what happened in 2023 but said that, "if all they had to do was call and ask straight out, that's not social engineering and it is negligence/non-fulfillment of duty."
The 2023 hack at Clorox caused $380 million in damages, the suit said, about $50 million of which was tied to remedial costs and the rest attributable to Clorox's inability to ship products to retailers in the wake of the hack.
Clorox said the clean-up was hampered by other failures by Cognizant's staff, including failure to de-activate certain accounts or properly restore data.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Reuters
20 minutes ago
- Reuters
Forvia's cost and cash discipline drives near 8% rise in H1 core profit
July 28 (Reuters) - France-based car parts supplier Forvia ( opens new tab reported a 7.8% rise in its half-year core profit on Monday, led by cost cuts. Forvia's earnings before interest, taxes, depreciation and amortization (EBITDA) grew to 1.76 billion euros ($2.07 billion)in the first half of 2025, from 1.64 billion a year earlier. It said tariffs had no material impact thanks to effective counter measures, including strict cost and cash discipline, but they had delayed tenders especially in North America. Forvia booked new orders worth 14 billion euros in the first half, compared to 15 billion a year ago. It still confirmed its full-year 2025 guidance. Stellantis ( opens new tab announced mid-July the termination of its hydrogen fuel cell technology development program, impacting its SYMBIO joint venture with Forvia and Michelin ( opens new tab that relies on the carmaker for more than 80% of its business. "Forvia booked a non-cash depreciation of the financial assets related to the joint venture, consolidated under equity method, for 136 million euros," the group said in a statement. ($1 = 0.8511 euros)
Reuters
20 minutes ago
- Reuters
Trump pauses export controls to bolster China trade deal, FT says
July 28 (Reuters) - The U.S. has paused curbs on tech exports to China to avoid disrupting trade talks with Beijing and support President Donald Trump's efforts to secure a meeting with President Xi Jinping this year, the Financial Times said on Monday. The industry and security bureau of the Commerce Department, which oversees export controls, has been told in recent months to avoid tough moves on China, the newspaper said, citing current and former officials. Reuters could not immediately verify the report. The White House and the department did not respond to Reuters' requests for comment outside business hours. Top U.S. and Chinese economic officials are set to resume talks in Stockholm on Monday to tackle longstanding economic disputes at the centre of a trade war between the world's top two economies. Tech giant Nvidia (NVDA.O), opens new tab said this month it would resume sales of its H20 graphics processing units (GPU) to China, reversing an export curb the Trump administration imposed in April to keep advanced AI chips out of Chinese hands over national security concerns. The planned resumption was part of U.S. negotiations on rare earths and magnets, Commerce Secretary Howard Lutnick has said. The paper said 20 security experts and former officials, including former deputy US national security adviser Matt Pottinger, will write on Monday to Lutnick to voice concern, however. "This move represents a strategic misstep that endangers the United States' economic and military edge in artificial intelligence," they write in the letter, it added.
Daily Mail
20 minutes ago
- Daily Mail
White House in 'full-bore panic mode' over Epstein files and FBI 'breaking at the seams'
President Trump is reportedly furious over the botched handling of the Jeffrey Epstein files as The White House launches into 'full-bore panic mode' in a desperate attempt to change the subject. The Justice Department and FBI have come under fire as they scramble to end the ongoing fallout after Attorney General Pam Bondi's so-called 'communications failure' snowballed into a crisis. Trump is now fuming about the inconsistent Epstein narratives emerging from Washington D.C. as the saga continues to dominate headlines. 'This is a pretty substantial distraction,' a White House source told The Washington Post, citing 'nearly a dozen people close to the situation.' 'While many are trying to keep the unity, in many ways, the DOJ and the FBI are breaking at the seams. Many are wondering how sustainable this is going to be for all the parties involved - be it the FBI director or attorney general.' Any attempts by Bondi and FBI Director Kash Patel to tamp down the rampant speculation about Epstein have only fueled more conspiracy theories and negative attention. 'They completely miscalculated the fever pitch to which they built this up,' Stephen A. Saltzburg, a former Justice Department official told the Post. 'Now, they seem to be in full-bore panic mode, trying to change the subject and flailing in an effort to make sense of what makes no sense.' But Trump is refusing to make the one move that could silence his critics and reset the narrative. 'He does not want to create a bigger spectacle by firing anyone,' the source told the Post. So Bondi, Patel and FBI deputy director Dan Bongino continue their fruitless campaign to end the speculation around the death of one of the most infamous billionaire of the 21st century. The release of security footage from outside Epstein's jail cell from the night he took his own life - an attempt to stop conspiracy theories that he was murdered - was Patel and Bongino's idea, multiple sources revealed. However, the video missing three minutes of footage from that night made things worse. Both are now privately upset that they haven't been able to release more of the Epstein files with Bongino on the verge of quitting as all three play the blame game with one another. Bongino's frustration came to a head in a stunning post to X over the weekend, revealing he has discovered matters that have 'shocked me down to my core' during his time in office. He shared a cryptic message to his social media in which he vowed to uncover 'the truth' amid mounting criticism of his handling of the Epstein files. Bongino added: 'We cannot run a Republic like this. I'll never be the same after learning what I've learned. A source inside the DOJ told Daily Mail that Bongino was ready to stand down if Attorney General Pam Bondi didn't. Todd Blanche, the president's former attorney and now Bondi's second in command at the DOJ, denied any beef between his department and the FBI in a statement. 'The suggestion by anyone that there was any daylight between the FBI and DOJ leadership on this memo's composition and release is patently false,' he said. The fallout of that memo continues, with the Wall Street Journal reporting that Bondi told Trump in May that his name appeared in the Epstein files. Trump on Friday denied ever being briefed by Attorney General Pam Bondi that his name was in the files. 'No, I was never briefed. No,' he told reporters after he landed in Scotland to visit his golf courses. But Bondi briefed Trump during a May 2025 meeting that his name was found in the Epstein documents 'multiple times,' according to reports. Other high-profile individuals are also named in the investigation about Epstein's sex crimes. Just because the president is named in the files does not implicate him in any wrongdoing or connect him to Epstein's child sex trafficking crimes. Patel and Dan Bongino (pictured) are now privately upset that they haven't been able to release more of the Epstein files with Bongino on the verge of quitting as all three play the blame game with one another Todd Blanche (pictured), the president's former attorney and now Bondi's second in command at the DOJ, denied any beef between his department and the FBI The Wall Street Journal originally broke the news of Bondi's briefing to Trump. The Justice Department told the news outlet that Trump was made aware of the findings of the Epstein files as part of the 'routine briefing.' Bondi also allegedly acknowledged that the administration should withhold the files due to them containing images of child sexual abuse Blanche reportedly said that nothing was found in the files that would mandate an additional investigation - or even prosecution. 'As part of our routine briefing, we made the president aware of the findings,' they told the Journal. White House communications director Steven Cheung slammed the report as 'fake news' in a statement to the Daily Mail. 'The fact is that the president kicked him out of his club for being a creep. This is nothing more than a continuation of the fake news stories concocted by the Democrats and the liberal media, just like the Obama Russiagate scandal, which President Trump was right about,' he said when the report came out earlier this week. But, try as he might, Trump cannot move on from questions about Epstein, who died in a New York prison in 2019 while awaiting charges related to sex crimes. His death, ruled to be a suicide, sparked endless conspiracy theories that questioned how he may have really died and who among the rich and powerful would have benefitted from it. The president associated with Epstein and British socialite Maxwell in the 1980s and 1990s. Epstein's right-hand woman and former lover Ghislaine Maxwell was questioned this week by Deputy Attorney General Blanche. She is serving 20 years behind bars for his involvement in Epstein's crimes. The 63-year-old made it clear earlier this month that she was willing to speak in front of Congress about the case. Maxwell appears to be angling for a pardon from the president after she 'didn't hold back' during secret questioning session. Her attorney David Oscar Markus claimed that she spoke with Deputy Attorney General Todd Blanche about '100 different people' related to Epstein's child sex trafficking ring. 'They asked about every possible thing you could imagine – everything,' Markus told reporters. He also said Maxwell is being used as the 'scapegoat' in the entire Epstein case and has been 'treated unfairly for the last five years.' Her attorney said that they had not put in a formal request with the White House for a pardon for Maxwell following the conclusion of Day 2 of questioning. But Markus didn't rule out taking that action in the future, saying 'things are happening so quickly.' 'The president said earlier he has the power to do so, we hope he exercises that power in the right way,' he said of a potential commutation. Trump refused to rule out invoking his presidential pardon powers for Maxwell when asked on Friday morning. 'I'm allowed to do it, but it's something I haven't thought about,' he said. But, asked again about the matter later Friday, Trump, meanwhile, declined to talk about Maxwell and said 'this is no time to be talking about pardons.' 'I really have nothing to say about it. She is being talked to by a very smart man, a very good man, Todd Blanche. And I don't know anything about the conversation. I haven't really been following it,' he said. 'A lot of people are asking me about pardons. This is no time to be talking about pardons,' he added. Meanwhile, over the course of two days, Maxwell and her attorney have spent more than nine hours answering Blanche's questions. It's not clear when or if the DOJ will release what was learned in the meetings. Markus said Maxwell is grateful to have had the chance to sit-down with Blanche. 'This was the first opportunity she's ever been given to answer questions about what happened,' Markus said. 'The truth will come out about what happened with Mr. Epstein and she's the person whose answering those questions.' A growing fringe effort to get Trump to pardon Maxwell has unfolded after the Justice Department rejected her effort to have her conviction on child sex trafficking charges thrown out. Maxwell is serving a 20-year prison sentence for her role in conspiring with Epstein to sexually abuse minors. She was convicted in 2021 on five counts related to sex trafficking and conspiracy. It's unclear what she can reveal that isn't already public and the closed-door meeting is fueling skepticism over the handling of the Epstein files review. Maxwell is also on the books to testify before Congress from prison on August 11.
