
Third-party vendor breach exposed 4961 Okta employee records


Okta, a cloud-based authentication service, is grappling with yet another security breach, this time exposing the personal information of 4961 of its employees.

The breach occurred in September and targeted a third-party vendor, Rightway Healthcare, used by Okta to support its employees and dependents in locating healthcare services. The company learned about the breach on October 12th and revealed it only three weeks later, raising eyebrows about its cybersecurity culture.

“On October 12, 2023, Rightway informed Okta that an unauthorized actor gained access to an eligibility census file maintained by Rightway in its provision of services to Okta. Upon discovering the incident, we promptly launched an investigation and reviewed the affected file to determine the extent of the impact to our current and former employees, and their dependents,” said a letter by Ronald Anderson, Director and Legal Counsel-Cybersecurity at Okta.

According to the email, an unidentified threat actor gained access to Rightway’s network, initially compromising an employee’s cell phone. This initial breach allowed the attacker to change credentials and access an eligibility census file that Rightway maintained on Okta’s behalf.

Okta suffered two major hacks within a few weeks.

The file contained personal information from 2019 through 2020, affecting Okta employees and their dependents. Additionally, Okta acknowledged that the compromise may have impacted multiple Rightway customers.

“The types of personal information contained in the impacted eligibility census file included your Name, Social Security Number, and health or medical insurance plan number. We have no evidence to suggest that your personal information has been misused against you,” said the email.

This massive breach followed just weeks after another incident at Okta. In that incident, threat actors gained access to Okta’s customer support and obtained credentials that led to the breach of internal Okta administration accounts.

Armed with this data, hackers then attacked multiple companies, including 1Password, BeyondTrust and Cloudflare. Earlier this year, a security flaw found in the JWT library of Okta’s Auth0 allowed remote code execution. Last December, Okta’s GitHub account was hacked, and the source code was stolen. In another breach last year, the Lapsus ransomware group breached Okta’s systems.


Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
