Practically 5,000 Okta staff affected by third-party knowledge breach

Up to date at 12:50pm EST with a press release from Okta.

Virtually 5,000 present and former Okta staff and dependents have been affected by an information breach following a cyberattack on a third-party supplier utilized by the corporate for healthcare providers.

In keeping with paperwork submitted to regulators in Maine, the one sign-on supplier mentioned Rightway Healthcare — which Okta makes use of to assist staff discover healthcare suppliers and charges — knowledgeable them of an information breach that occurred on September 23.

“On October 12, 2023, Rightway knowledgeable Okta that an unauthorized actor gained entry to an eligibility census file maintained by Rightway in its provision of providers to Okta. Upon discovering the incident, we promptly launched an investigation and reviewed the affected file to find out the extent of the impression to our present and former staff, and their dependents,” Okta advised its staff.

The corporate mentioned names, Social Safety numbers, well being or medical insurance coverage plan numbers have been leaked in the course of the assault. In whole, 4,961 staff have been affected.

These affected are being provided two years of free credit score monitoring, identification restoration and fraud detection providers via Experian.

In a press release to Recorded Future Information, Okta mentioned Rightway “had a safety incident in September 2023 during which recordsdata from April 2019 via 2020 have been exfiltrated from its IT atmosphere. These contained private details about staff and their dependents from 2019/2020. This incident doesn’t relate to using Okta providers and Okta providers stay safe. No Okta buyer knowledge is impacted by this incident.”

The breach comes days after the corporate was embroiled in controversy over a safety incident that affected a number of of their prospects.

Password supervisor 1Password, cybersecurity agency BeyondTrust and cybersecurity and networking large Cloudflare all mentioned they have been focused by hackers following the Okta breach.

Cloudflare slammed Okta for permitting the hacker to remain of their programs from October 2 to October 18 regardless of being notified of the difficulty by BeyondTrust.

Okta additionally confronted backlash final 12 months for its dealing with of one other knowledge breach involving a number of prospects, and the corporate’s CSO publicly apologized for the incident.