Article Details

Okta data breach exposed personal information of employees. Okta is warning nearly 5,000 employees that the company was impacted by a data breach that exposed personal information. Okta is a San Fransisco-based cloud identity and access management solutions provider whose Single Sign-On (SSO), multi-factor authentication (MFA), and API access management services are used by thousands of organizations worldwide. The data breach notification warns of a security incident that impacted Rightway Healthcare, which provides healthcare coverage for Okta employees and their families. On September 23, 2023, Rightway suffered a network breach, resulting in cybercriminals accessing an eligibility census file maintained for insurance provision and benefit plans for eligible individuals. The file contained the following information on current and former Okta employees and their dependents: Okta learned about the breach on October 12, 2023, when Rightway disclosed the attack, and immediately launched an investigation to determine the extent of the compromise. According to Okta's report to the Office of the Maine Attorney General, the breach impacted a total of 4,961 employees. Apart from the exposure of health information, the leak of employees' full names could be helpful to cybercriminals in deriving corporate email addresses and engaging in targeted brute-forcing to hijack valuable accounts within the company. The notice highlights twice that Okta has no evidence the personal information of those people has been misused. However, the firm encloses instructions on enrolling for two-year credit monitoring, identity theft protection, and fraud protection services through Experian. Okta's recent mishaps Okta has suffered a series of breaches over the past two years due to social engineering attacks or credential theft. On October 20, 2023, Okta warned that attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials. This exposure impacted customers of Okta, including BeyondTrust, Cloudflare, the 1Password password manager, and possibly many more. In December 2022, Okta admitted that hackers accessed confidential information and source code stored within private GitHub repositories. A similar hack was claimed in March 2022 by the notorious Lapsus$ threat group, this time involving customer data too, which the software vendor later admitted is real, saying it impacted 2.5% of its customers. Although the recent incident did not impact any customers, it affects a noteworthy number of individuals and elevates the overall security risk for the company.