The Clorox Co. is suing its longtime IT vendor, Cognizant, over a devastating 2023 cyberattack that brought Clorox’s operations to a halt and led to an estimated $380 million in damages. But Cognizant is pushing back, calling Clorox’s claims a deflection from its own cybersecurity failures.
Filed this week in California state court, the lawsuit alleges that a cybercriminal gained access to Clorox’s systems in August 2023 by impersonating an employee in a call to Cognizant’s help desk. Clorox says that Cognizant staff failed to follow basic verification procedures, allowing the attacker to reset login credentials and infiltrate the company’s entire network.
According to the complaint, the breach resulted in $49 million in direct remediation costs and extensive downtime that disrupted manufacturing, delayed shipments, and hurt Clorox’s bottom line. The company also accuses Cognizant of mishandling incident response and disaster recovery, compounding the damage.
But in a sharply worded statement, Cognizant denied any responsibility for the attack, arguing that Clorox is attempting to shift blame for its own inadequate cybersecurity practices.
“It is shocking that a corporation the size of Clorox had such an inept internal cybersecurity system to mitigate this attack,” the company said. “Clorox has tried to blame us for these failures, but the reality is that Clorox hired Cognizant for a narrow scope of help desk services which Cognizant performed. Cognizant did not manage cybersecurity for Clorox.”
Clorox is seeking damages for breach of contract, negligence, and misrepresentation, claiming Cognizant failed to meet its obligations and industry standards. The case highlights growing legal tensions between enterprises and third-party vendors in the wake of high-profile cyberattacks.
While Clorox continues to recover from the incident, Cognizant reported $20 billion in revenue for 2024 and has not indicated whether it plans to countersue or settle.
Don’t miss any content from Distribution Strategy Group. Join our list.
