MSP Sued by Client
Whoops
Cognizant manages Clorox's internal networks, and employees who have issues with their passwords, multi-factor authentication (MFA) codes, and VPNs must coordinate with the IT provider to regain access to their system. However, Clorox alleges that the Cognizant Service Desk gave access passwords without verifying the identity of the caller. Such action would contradict the policies that have been set in place to prevent unauthorized personnel from gaining access, which Ars Technica says include an internal verification and self-reset password tool. In case the user does not have access to this, Cognizant must check their identity by asking for their manager’s name and their username. This would reset their password, but it will also email the employee and their supervisor to help ensure some level of security.
IT provider sued after it simply ‘handed the credentials’ to hackers — Clorox claims Cognizant gaffe enabled a $380m ransomware attack
Your network security is only as strong as its weakest link.
Jowi Morales
Not exactly ideal. I wonder how this will pan out.
#enoughsaid