WASHINGTON, July 22 (Reuters) - Bleach maker Clorox

said Tuesday that it has sued information technology

provider Cognizant over a devastating 2023 cyberattack,

alleging that the hackers pulled off the intrusion simply by

asking the tech company's staff for employees' passwords.

Clorox was one of several major companies hit in August 2023

by the hacking group dubbed Scattered Spider, which specializes

in tricking IT help desks into handing over credentials and then

using that access to lock them up for ransom. The group is often

described as unusually sophisticated and persistent, but in

a case filed in California state court on Tuesday, Clorox said

one of Scattered Spider's hackers was able to repeatedly steal

employees' passwords simply by asking for them.

"Cognizant was not duped by any elaborate ploy or

sophisticated hacking techniques," according to a copy of the

lawsuit reviewed by Reuters. "The cybercriminal just called the

Cognizant Service Desk, asked for credentials to access Clorox's

network, and Cognizant handed the credentials right over."

Cognizant did not immediately return a message seeking

comment on the suit, which was not immediately visible on the

public docket of the Superior Court of Alameda County. Clorox

provided Reuters with a receipt for the lawsuit from the court.

Three partial transcripts included in the lawsuit allegedly

show conversations between the hacker and Cognizant support

staff in which the intruder asks to have passwords reset and the

support staff complies without verifying who they are talking

to, for example by quizzing them on their employee

identification number or their manager's name.

"I don't have a password, so I can't connect," the hacker

says in one call. The agent replies, "Oh, ok. Ok. So let me

provide the password to you ok?"

The 2023 hack caused $380 million in damages, Clorox said in

the suit, about $50 million of which were tied to remedial costs

and the rest of which were attributable to Clorox's inability to

ship products to retailers in the wake of the hack.

Clorox said the clean-up was hampered by other failures by

Cognizant's staff, including failure to de-activate certain

accounts or properly restore data.