After $380M hack, Clorox sues its “service desk” vendor for simply giving out passwords

According to the report, attackers successfully social-engineered Cognizant’s outsourced service desk to perform password and MFA resets for Clorox employees without proper identity verification, enabling intruders to access Clorox’s network, plant ransomware and exfiltrate data, and causing an estimated $380 million in damage; Clorox has sued Cognizant for failing to follow basic procedures and adequately train staff.