September Cyberattack Leaks Okta Employees’ Sensitive Data
Nearly 5,000 individuals, comprising current and former Okta employees and their families, have been put at risk by a data breach at a third-party vendor servicing Okta’s healthcare needs.
The breach proved significant: Okta reported to regulators that Rightway Healthcare, which helps Okta employees find medical facilities and service costs, fell victim to a cyberattack on September 23rd. Subsequently, on October 12th, Rightway acknowledged that unauthorized access to files had occurred, leading to the compromise of critical data.
Okta swiftly initiated an investigation and assessment to determine the extent of the issue. The company disclosed that the leak affected personal data, including names, social security numbers, and medical insurance plan numbers, impacting a total of 4,961 individuals.
As a remedial gesture, Okta has offered all affected parties a two-year complimentary subscription to a financial transaction monitoring service, identity theft restoration services, and financial fraud detection systems.
Okta representatives informed the news agency Recorded Future News that the Rightway incident does not impact the direct use of Okta’s services and assured that the integrity of their systems remains intact. Furthermore, they emphasized that Okta customer data remains secure.
It’s noteworthy that this incident is not Okta’s first major cybersecurity lapse. In September, hackers obtained superadministrator privileges within Okta’s systems through a social engineering attack on support staff. Additionally, in December 2022, cybercriminals breached Okta’s GitHub repositories and absconded with source code.
Moreover, in October, the prominent password manager 1Password detected suspicious activity in its Okta instance linked to a customer support system incident. 1Password utilizes Okta, the preeminent provider of security tools, to manage applications designed for employee use.