Editor's Note: This story has been updated with a statement from Cognizant.
In 2024, IBM identified the manufacturing sector as the industry most attacked by cyber criminals for the third straight year – which is why we see even the biggest brands being impacted by the work of hackers.
Bleach maker Clorox is coming clean about the details surrounding a recent ransomware attack, but the finger-pointing extends past the gang of perpetrators and all the way to the company’s IT provider.
And Clorox believes that the IT firm's faults in this situation were so egregious that it has filed a lawsuit.
The suit points to a 2023 incident in which hackers from the group Scattered Spider targeted several firms.
According to Reuters, Scattered Spider is particularly adept at “tricking IT help desks into handing over credentials and then using that access to lock them up for ransom” – which is exactly what Clorox says happened in its case.
In fact, Clorox’s lawsuit suggests it was almost… easy.
The company alleges that one of the group’s hackers was able to repeatedly steal employees' passwords simply by calling the IT service desk operated by its service provider, Cognizant, and asking for credentials. And while the hackers were posing as Clorox employees, Clorox alleges the service desk didn’t ask for verification details of any kind.
Reuters reviewed the lawsuit documents, which included call transcripts and other details showing just how basic the scheme was. According to the suit, "Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques … Cognizant handed the credentials right over."
Clorox said that the hack resulted in $380 million in damages, a large chunk of which came from the company’s inability to ship its goods in the immediate aftermath of the attack.
Cognizant issued the following statement to Industrial Equipment News (IEN) regarding the incident:
"It is shocking that a corporation the size of Clorox had such an inept internal cybersecurity system to mitigate this attack. Clorox has tried to blame us for these failures, but the reality is that Clorox hired Cognizant for a narrow scope of help desk services which Cognizant reasonably performed. Cognizant did not manage cybersecurity for Clorox."