Okta, an identity services provider, has issued breach notifications to around 5000 existing and ex-employees. It is important to note that third-party vendor Rightway Healthcare was compromised by unauthorized persons and they are giving an alarming alert of the Okta employee data breach.
The hackers were able to walk away with a document that contained employees’ names, social security numbers, and any relevant health or medical insurance plan details.
Surprisingly, the third-party Okta breach went unnoticed for almost three weeks since it happened on September 23. Finally, Okta was informed by Rightway Healthcare and the company acted with haste by terminating the breach.
About the Okta Employee Data Breach
Once they discovered the event, Okta’s Cybersecurity Director and Attorney, Ronald Anderson, initiated thorough investigations. As part of its investigation, it assessed the size of the damage suffered by both present and past workers as well as their beneficiaries by reviewing the affected document.
Despite this, Okta has not established that there have been instances of misutilization or unlawful activity concerning the divulged and confidential details of over 4,961 affected people. However, the identity services provider has gone the extra mile by providing the victims with two years of free credit monitoring, identity restoration, and fraud detection through Experian’s IdentityWorks service.
It seems that there was a security breach that mainly concerned Okta employees, but it still shows there are many security issues existing within the market of identity services.
Okta stated earlier this year, that several U.S. companies claimed that many of them experienced phishing cases directed towards their help desk personnel and ultimately wanted to gain access to administrative accounts of some users. The social engineering attack commenced in July and intensified until eventually the details of the victims were published on the internet.
Some of the victims included big players like MGM Resorts and Caesars Entertainment which are some major Las Vegas hotels and casinos. The other one was said to have parted with $15 million to settle the matter though the thieves got access to several customer data from tens of thousands of people. MGM lost more than 100 million dollars as they failed to fulfill the ransom demands.
Apart from the latest Okta employee data breach, the company revealed another breach incident in October giving out confidential customer data which formed part of a system used for troubleshooting problems.
This allowed hackers to intrude the Okta’s case management for customers and maybe they could get themselves into the HAR or HTTP Archive which was mainly for reproducing browser activities to solve the bugs.
It did not take long for an Okta customer called “OnePassword” to confirm that it was also affected by the intrusion. On the other hand, they convinced their customers that their login details were safe.
According to Okta’s spokesperson, the security breach pertained to Okta’s vendor (Rightway Health) as opposed to Okta services. However, the incident only entailed access to some personal data belonging to 2019-20 for Okta’s services and customer data.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
