reuters.com - Bleach maker Clorox said Tuesday that it has sued information technology provider Cognizant over a devastating 2023 cyberattack, alleging the hackers gained access by asking the tech company's staff for its employees' passwords.
WASHINGTON, July 22 (Reuters) - Bleach maker Clorox (CLX.N), opens new tab said Tuesday that it has sued information technology provider Cognizant (CTSH.O), opens new tab over a devastating 2023 cyberattack, alleging the hackers gained access by asking the tech company's staff for its employees' passwords.
Clorox was one of several major companies hit in August 2023 by the hacking group dubbed Scattered Spider, which specializes in tricking IT help desks into handing over credentials and then using that access to lock them up for ransom.
The group is often described as unusually sophisticated and persistent, but in a case filed in California state court on Tuesday, Clorox said one of Scattered Spider's hackers was able to repeatedly steal employees' passwords simply by asking for them.
"Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques," according to a copy of the lawsuit, opens new tab reviewed by Reuters. "The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over."
Cognizant, in an emailed statement, pushed back, saying it did not manage cybersecurity for Clorox and it was only hired for limited help desk services.
Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.
Documents reveal how Israel seized files, suppressed information related to WhatsApp’s lawsuit against Pegasus spyware vendor NSO
Google’s parent company, Alphabet, has filed a lawsuit against two people based in China for using the company’s platform for scam cryptocurrency apps that amassed over 100,000 downloads.
Alphabet claims that scammers used its platforms, Google Play and YouTube, to upload and advertise fraudulent crypto apps.
Shipping information and order details of thousands of customers worldwide were leaked in September 2020.
Read more at straitstimes.com.
The settlement last week in a $100 million lawsuit over whether insurance giant Zurich should cover losses Mondelez International suffered from NotPetya may very well reshape the entire cyber insurance marketplace.
Zurich initially denied claims from Mondelez after the malware, which experts estimate caused some $10 billion in damages globally, wreaked havoc on its computer networks. The insurance provider claimed an act of war exemption since it’s widely believed Russian military hackers unleashed NotPetya on a Ukrainian company before it spread around the world.
Meta will pay $90 million to settle litigation over Facebook's use of cookies to track users’ internet use even after they had logged off.
