Okta tells 5,000 of its own staff that their data was accessed in third-party breach

November 2, 2023 at 11:39AM

Okta has notified approximately 5,000 employees that a file containing their personal information was stolen in a breach at one of its third-party vendors, Rightway Healthcare. The breach occurred on September 23 but was only discovered on October 12. Okta has found no evidence of the personal information being misused and will provide affected individuals with two years of credit monitoring services. This is not the first security incident for Okta: it experienced phishing attempts in August and a breach of customer files in October.

Okta, an identity services provider, sent breach notifications to around 5,000 employees. The breach occurred through one of Okta’s third-party vendors, Rightway Healthcare, which was compromised by unauthorized individuals on September 23. Okta was informed about the intrusion nearly three weeks later.

Okta promptly launched an investigation and determined that the personal information of 4,961 individuals had been accessed. However, there is currently no evidence to suggest that the personal information has been misused. As a precautionary measure, Okta will provide affected individuals with two years of free credit monitoring, identity restoration, and fraud detection services from Experian’s IdentityWorks.

It’s worth noting that this breach appears to be limited to Okta employees, but Okta’s customers have also faced security issues in recent months. In August, multiple customers reported phishing attempts targeting their IT service teams. These attacks affected companies like MGM Resorts and Caesars Entertainment, with Caesars reportedly paying a $15 million ransom.

Additionally, Okta experienced a separate security breach in October. Intruders gained access to sensitive customer files used for resolving support tickets. Okta’s Chief Security Officer, David Bradbury, explained that the criminals used stolen credentials to access Okta’s support case management system and potentially stole HTTP Archive (HAR) files.

Further, 1Password, one of Okta’s customers, confirmed being affected by this recent breach but assured its own customers that their login details remained secure.
