3 days ago
Cognizant says: Shocking that ..., as America's largest bleach maker Clorox sues the company, claims Cognizant employees gave password on phone
Cognizant is facing a lawsuit from America's largest bleach maker, Clorox. Bleach maker Clorox sued information technology provider Cognizant over a devastating 2023 cyberattack, alleging the hackers gained access by asking the tech company's staff for its employees' passwords. Clorox was one of several major companies hit in August 2023 by the hacking group dubbed Scattered Spider. Clorox provided news agency Reuters with a receipt for the lawsuit from the court.
The 2023 hack at Clorox caused $380 million in damages, the suit said, about $50 million of which was tied to remedial costs and the rest attributable to Clorox's inability to ship products to retailers in the wake of the hack.
Clorox lawsuit shares transcript of alleged conversation between Cognizant employees and hackers
Clorox, in its lawsuit filed Tuesday in the Superior Court of California, County of Alameda, said that it has trusted Cognizant for over a decade to 'play critical roles in Clorox's cyber environment.' Clorox alleged that Cognizant, despite being provided 'straight-forward procedures' to properly authenticate employees who called its Cognizant-operated service desk to reset their credentials, failed to do so, resulting in a 'catastrophic cyberattack' on the company.
'Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques. The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over. Cognizant is on tape handing over the keys to Clorox's corporate network to the cybercriminal—no authentication questions asked,' Clorox alleges in the lawsuit.
Three partial transcripts included in the lawsuit allegedly show conversations between the hacker and Cognizant support staff in which the intruder asks to have passwords reset and the support staff complies without verifying who they are talking to, for example by quizzing them on their employee identification number or their manager's name.
"I don't have a password, so I can't connect," the hacker says in one call. The agent replies, "Oh, OK. OK. So let me provide the password to you OK?"
"Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques," according to a copy of the lawsuit reviewed by Reuters. "The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over."
Clorox further claimed that the clean-up was hampered by other failures by Cognizant's employees, including failure to de-activate certain accounts or properly restore data.
Cognizant says: We were not hired for security
Responding to the accusations and the lawsuit, Cognizant claimed, in an email statement to Reuters, that the company did not manage cybersecurity for Clorox and it was only hired for limited help desk services. "Clorox has tried to blame us for these failures, but the reality is that Clorox hired Cognizant for a narrow scope of help desk services which Cognizant reasonably performed," Cognizant said.
Jeff DeMarrais, Cognizant's senior vice president of global marketing and chief communications officer, told CRN that it was Clorox's own security practices that were lax. 'It is shocking that a corporation the size of Clorox had such an inept internal cybersecurity system to mitigate this attack. Clorox has tried to blame us for these failures, but the reality is that Clorox hired Cognizant for a narrow scope of help desk services which Cognizant reasonably performed. Cognizant did not manage cybersecurity for Clorox,' DeMarrais wrote.