Okta Warns Employees of Data Breach

IT Services is warning nearly 5,000 employees that their personal information may have been compromised after a third-party vendor experienced a security breach.

IT Services, a San Fransisco-based provider of cloud identity and access management solutions, has informed its employees about the breach. The company’s services, including Single Sign-On (SSO), multi-factor authentication (MFA), and API access management, are widely used by organizations worldwide.

The data breach notification issued by IT Services states that the security incident affected Rightway Healthcare, a healthcare coverage provider for IT Services employees and their families.

Rightway Healthcare experienced a network breach on September 23, 2023, which allowed cybercriminals to access an eligibility census file containing information related to insurance provision and benefit plans for eligible individuals.

The compromised file included the following details about current and former IT Services employees and their dependents:

• Full names
• Social Security Numbers (SSNs)
• Health or Medical Insurance plan numbers

IT Services became aware of the breach on October 12, 2023, when Rightway Healthcare disclosed the attack. The company immediately launched an investigation to assess the extent of the compromise.

According to a report submitted by IT Services to the Office of the Maine Attorney General, a total of 4,961 employees were affected by the breach.

In addition to the potential exposure of health information, the disclosure of employees’ full names could aid cybercriminals in deriving corporate email addresses and carrying out targeted brute-force attacks to gain unauthorized access to valuable accounts within the company.

The data breach notification emphasizes that IT Services has no evidence to suggest that the personal information of the affected individuals has been misused.

However, as a precautionary measure, the company is providing instructions for enrolling in two-year credit monitoring, identity theft protection, and fraud protection services offered by Experian.

Recent Security Incidents at IT Services

IT Services has experienced a series of breaches in the past two years, primarily caused by social engineering attacks and credential theft.

On October 20, 2023, IT Services disclosed an incident in which attackers gained unauthorized access to files containing cookies and session tokens uploaded by customers to its support management system. The breach was facilitated by the use of stolen credentials.

This security breach impacted customers of IT Services, including BeyondTrust, Cloudflare, the 1Password password manager, and potentially other organizations.

In December 2022, IT Services acknowledged that hackers had accessed confidential information and source code stored within private GitHub repositories.

A similar breach was attributed to the notorious Lapsus$ threat group in March 2022. This time, customer data was also compromised. IT Services later confirmed the validity of the claim, stating that approximately 2.5% of its customers were affected.

Although the recent incident did not directly impact any customers, it poses a significant security risk to the company and a considerable number of individuals.