{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Daily Security Review","title":"Clorox Sues Cognizant Over $356M Cyberattack: Who's Really to Blame?","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/8e2a4346\"></iframe>","width":"100%","height":180,"duration":2678,"description":"In one of the most dramatic cybersecurity legal battles of the past year, Clorox has filed a lawsuit against IT services giant Cognizant, accusing the company of gross negligence that allegedly enabled a catastrophic 2023 cyberattack. The breach wreaked havoc on Clorox's operations—causing widespread product shortages, a multibillion-dollar hit to its market cap, and an estimated $356 million in damages. At the center of the controversy? A series of alleged failures by Cognizant's help desk staff, who Clorox claims repeatedly reset passwords and multi-factor authentication (MFA) credentials without verifying identities. Hackers, believed to be part of the Scattered Spider group, reportedly exploited these lapses to gain system access via social engineering—highlighting a growing trend of attacks bypassing technical safeguards by targeting human weaknesses. But Cognizant is pushing back hard, arguing that its role was limited to narrow help desk services and that Clorox's own cybersecurity defenses were inadequate. 
The dispute raises urgent questions about third-party risk, contractual clarity, and the fine line between support roles and security responsibilities in IT outsourcing relationships. This episode dives deep into: The timeline and tactics behind the Clorox breach; What the lawsuit reveals about gaps in MFA implementation and help desk protocols; The contractual gray areas now under legal scrutiny; Why even companies hailed for cybersecurity investments—Clorox spent over $500 million on IT upgrades—can fall victim to poor vendor oversight; Lessons for organizations on drafting better IT service contracts, vetting MSPs, and strengthening protections against social engineering attacks. We also examine how this case underscores the broader industry shift: Organizations may outsource IT functions, but they can never outsource accountability. Whether you’re in legal, IT, procurement, or the C-suite, this is a must-listen episode on how a help desk misstep became a case...","thumbnail_url":"https://img.transistorcdn.com/pL79_MJFeJHamQ_ztImsGmDSMdl27VMk_30TAkieujE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNzg5/ZjlhNzM5Y2M4Njli/NjkxNzgyODA2Nzhi/MDI2ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}