Clorox on Tuesday sued Cognizant, which managed its IT help desk, alleging the company was responsible for a 2023 cyberattack that crippled Clorox’s production capability and cost the company $380 million.
Hackers breached Clorox in August 2023 in a social-engineering attack that disrupted its IT infrastructure and its ability to ship core products, including household cleaners and other goods, for months.
In a lawsuit filed in California Superior Court, Clorox argued that Cognizant failed to protect Clorox’s computer systems by handing over credentials to the attackers without proper authentication. Clorox also claims that Cognizant botched its response to the attack, prolonging the recovery time.
“Clorox entrusted Cognizant with the critical responsibility of safeguarding Clorox’s corporate systems — and Cognizant failed miserably,” said Mary Rose Alexander, outside counsel for The Clorox Company and partner at Latham & Watkins. “Cognizant didn’t just drop the ball. They handed over the keys to Clorox’s corporate network to a notorious cybercriminal group in reckless disregard for Clorox’s policies and long-established cybersecurity standards. It’s all captured on call recordings, and it’s indefensible.”
Researchers have attributed the Clorox attack to Scattered Spider, a notorious hacking collective that has repeatedly struck targets in the retail, insurance and airline industries over the past several months. The group specializes in social-engineering attacks that use techniques like voice phishing to trick IT help desks into giving the hackers credentials and bypassing users’ multifactor-authentication protections.
Cognizant criticized Clorox for the lawsuit and said questions remained about how Clorox managed its own internal cybersecurity protocols.
“It is shocking that a corporation the size of Clorox had such an inept internal cybersecurity system to mitigate this attack,” Cognizant told Cybersecurity Dive in a statement. “Clorox has tried to blame us for these failures, but the reality is that Clorox hired Cognizant for a narrow scope of help desk services which Cognizant reasonably performed. Cognizant did not manage cybersecurity for Clorox.”