Original Article Text

Okta hit by third-party data breach exposing employee information.

Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was breached. Okta is a San Francisco-based cloud identity and access management solutions provider whose Single Sign-On (SSO), multi-factor authentication (MFA), and API access management services are used by thousands of organizations worldwide.

The data breach notification warns of a security incident that impacted Rightway Healthcare, which provides healthcare coverage for Okta employees and their families. On September 23, 2023, Rightway suffered a network breach, resulting in cybercriminals accessing an eligibility census file maintained for insurance provision and benefit plans for eligible individuals. The file contained the following information on current and former Okta employees and their dependents:

Okta learned about the breach on October 12, 2023, when Rightway disclosed the attack, and immediately launched an investigation to determine the extent of the compromise. According to Okta's report to the Office of the Maine Attorney General, the breach impacted a total of 4,961 employees.

Apart from the exposure of health information, the leak of employees' full names could be helpful to cybercriminals in deriving corporate email addresses and engaging in targeted brute-forcing to hijack valuable accounts within the company.

The notice highlights twice that Okta has no evidence the personal information of those people has been misused. However, the firm encloses instructions on enrolling for two-year credit monitoring, identity theft protection, and fraud protection services through Experian.

Okta shared a statement after this story was published stating that the exposed employee data was from April 2019 through 2020.

"An Okta vendor, Rightway Health, had a security incident in September 2023 in which files from April 2019 through 2020 were exfiltrated from its IT environment," Okta told BleepingComputer. "These contained personal information about employees and their dependents from 2019/2020. This incident does not relate to the use of Okta services and Okta services remain secure. No Okta customer data is impacted by this incident."

Okta's recent mishaps

Okta has suffered a series of breaches over the past two years due to social engineering attacks or credential theft.

On October 20, 2023, Okta warned that attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials. This exposure impacted customers of Okta, including BeyondTrust, Cloudflare, the 1Password password manager, and possibly many more.

In December 2022, Okta admitted that hackers accessed confidential information and source code stored within private GitHub repositories.

A similar hack was claimed in March 2022 by the notorious Lapsus$ threat group, this time involving customer data too, which the software vendor later admitted is real, saying it impacted 2.5% of its customers.

Although the recent incident did not impact any customers, it affects a noteworthy number of individuals and elevates the overall security risk for the company.

Daily Brief Summary

DATA BREACH // Third-party Vendor Data Breach Exposes Personal Information of Nearly 5,000 Okta Employees

Okta, a cloud identity and access management solutions provider, has warned 4,961 of its current and former employees that their personal data was compromised in a third-party vendor data breach.

Rightway Healthcare, an Okta vendor providing employee healthcare coverage, suffered a network breach that allowed cybercriminals to access an eligibility census file containing information on employees and their dependents.

Okta learned about the breach when Rightway disclosed it on October 12, 2023, and promptly launched an investigation into the extent of the compromise.

The leaked data includes employees' full names, which could help cybercriminals deduce corporate email addresses and mount targeted brute-forcing attacks in an attempt to hijack valuable accounts.

Okta says there is no evidence yet that the exposed personal information has been misused, and has provided instructions for enrolling in two-year credit monitoring, identity theft protection, and fraud protection services via Experian.

The compromised employee data was from April 2019 through 2020. The incident is unrelated to the use of Okta services, which remain secure, and no customer data has been affected by it.

Okta has faced multiple breaches in the past two years due to social engineering attacks and credential theft, including an October 2023 breach of its support management system that affected customers such as BeyondTrust, Cloudflare, and the 1Password password manager.