https://www.wnd.com/2025/08/helpdesk-havoc-why-clorox-is-suing-indian-company/
Why Clorox is suing Indian company for $380 million
- In Clorox’s telling, the hacker didn’t crack advanced encryption or spear-phish executives. He just called Cognizant on the phone and lied
By Amanda Bartolotta — August 7, 2025
*** begin quote ***
In a San Francisco courtroom, the Clorox Company recently dropped a legal bombshell – a $380 million lawsuit against Indian-American information technology company Cognizant, alleging gross negligence in a 2023 cyberattack.
In the complaint dated July 22, 2025, Clorox contends a hacker simply called Cognizant’s helpdesk, lied about being an employee and was handed network credentials – no identity verification, no oversight, just a password transfer. The resulting cyberattack ended up paralyzing Clorox’s operations, costing upwards of $49 million in remediation and much more in lost business.
*** end quote ***
Way back when I ran an information security desk, long before “password managers”, in the “yellow sticky note” era, I was challenged to reduce the number of password resets my group was doing. Not for security; a cost saving attempt. (We figured that every call cost the company about 50$ in lost productivity.) So my team came up with a great solution, when a call came in for a forgotten password, we’d just have the person have his supervisor call in for a reset. Laugh! Calls dropped dramatically. It was trivial to verify the supervisor since we’d just call them back at their number listed in the company phonebook. (Those still existed.) Then the supervisor would connect the employee and we’d do the reset. Call dropped so much we had weekly pool when the next one would come in. (Dollar a head per week. Pool grew about 20$ per week.) Sometimes we went a month without a reset.
Guess outsourcing your help desk was NOT so cost effective?
— 30 —
Posted by reinkefj 
Reinke Faces Life 