Okta’s Recent Data Breach

Okta, a San Francisco-based cloud identity and access management solutions provider, has recently issued a warning to nearly 5,000 current and former employees regarding a data breach. This breach occurred after a third-party vendor experienced a security incident.

The breach specifically impacted Rightway Healthcare, a healthcare coverage provider for Okta employees and their families. On September 23, 2023, Rightway suffered a network breach, resulting in cybercriminals gaining unauthorized access to an eligibility census file that contained personal information related to insurance provision and benefit plans for eligible individuals.

The compromised file contained sensitive details such as full names, Social Security Numbers (SSNs), and Health or Medical Insurance plan numbers of both current and former Okta employees, as well as their dependents.

Okta became aware of the breach on October 12, 2023, when Rightway disclosed the attack. In response, Okta immediately launched an investigation to assess the extent of the compromise.

According to a report submitted by Okta to the Office of the Maine Attorney General, a total of 4,961 employees were affected by this breach.

Aside from the exposure of health information, the disclosure of employees’ full names could potentially aid cybercriminals in deriving corporate email addresses and conducting targeted brute-force attacks to compromise valuable accounts within the company.

It is important to note that Okta has no evidence suggesting that the personal information of those affected has been misused at this time.

Nevertheless, as a precautionary measure, Okta has provided instructions for affected individuals to enroll in a two-year credit monitoring, identity theft protection, and fraud protection service offered by Experian.

In a statement to BleepingComputer, Okta clarified that the exposed employee data pertains to the period between April 2019 and 2020. They emphasized that this incident is unrelated to the use of Okta services and reassured that their services remain secure, with no impact on Okta customer data.

Okta’s Recent Security Incidents

Over the past two years, Okta has experienced a series of breaches primarily caused by social engineering attacks or credential theft.

On October 20, 2023, Okta disclosed a breach where attackers gained unauthorized access to files containing cookies and session tokens uploaded by customers to their support management system. The breach was facilitated by stolen credentials, and it affected various Okta customers, including BeyondTrust, Cloudflare, and the 1Password password manager, among others.

In December 2022, Okta admitted that hackers had gained access to confidential information and source code stored within private GitHub repositories.

Another hack involving customer data was claimed by the notorious Lapsus$ threat group in March 2022. Okta later confirmed the validity of the breach, revealing that it impacted 2.5% of its customers.

While the recent data breach did not directly impact Okta’s customers, it has affected a significant number of individuals and has heightened the overall security risk for the company.