Okta notifies 5,000 staff of breach at third-party provider

Breach linked to third-party vendor

Okta notifies employees of data breach, offers identity protection services

Image:
Okta notifies employees of data breach, offers identity protection services

Okta, a leading identity services provider, has issued breach notifications to nearly 5,000 current and former employees following a security incident involving one of its third-party vendors.

The breach, which occurred at Rightway Healthcare, exposed sensitive personal information, including names, health or insurance plan numbers and social security numbers.

Rightway Healthcare is a company that assists individuals, including Okta employees and their families, in comparing healthcare providers and rates.

The unauthorised intrusion into Rightway's IT environment took place on 23rd September, but Okta only learned of the breach on 12th October.

"Upon discovering the incident, we promptly launched an investigation and reviewed the affected file to determine the extent of the impact to our current and former employees, and their dependents," Okta said [pdf].

In a statement to Computing, Okta said:

"An Okta vendor, Rightway Health, had a security incident in September 2023 in which files from April 2019 through 2020 were exfiltrated from its IT environment. These contained personal information about employees and their dependents from 2019/2020. This incident does not relate to the use of Okta services and Okta services remain secure. No Okta customer data is impacted by this incident."

Although the breach compromised data belonging to 4,961 individuals, Okta says there is no evidence suggesting the misuse of their personal information. The company informed its employees about the breach on 1st November, and is now "reviewing our relationship" with Rightway.

Okta is offering affected individuals the option to enrol in two years of credit monitoring, identity theft protection and fraud protection services through Experian.

Latest in a line

Okta provides organisations with identity and access tools, including single sign-on solutions that grant employees access to various company resources using one set of credentials.

The company's customers have faced their fair share of security challenges in recent months.

Last month, Okta disclosed a breach in its support case management system, which enabled hackers to gain unauthorised access using valid credentials, exposing private customer information.

Customers impacted included BeyondTrust, Cloudflare and 1Password.

1Password said its security systems raised an alert on 29th September after identifying suspicious activity on its Okta instance. The suspicious activity prompted immediate action by 1Password to terminate the unauthorised access.

Cloudflare was also subjected to a similar incident, where the hackers used a stolen session token from Okta to compromise two separate Cloudflare employee accounts linked to Okta.

In early September, Okta warned its customers about social engineering attacks carried out by threat actors in recent weeks. These attacks aimed to obtain elevated administrator permissions and specifically targeted IT service desk staff.

Last year, Okta disclosed that hackers had stolen some of its source code stored in a GitHub account.

And earlier in the same year, hackers posted screenshots that revealed unauthorised access to Okta's internal network after compromising a company that Okta utilised for customer service.