News Heading

Okta Says Nearly 5K Employees Impacted via Third-Party Data Breach

Reading time: 2 min

Updated on Nov 2, 2023

  • Shipra Sanganeria

    Written by: Shipra Sanganeria Cybersecurity & Tech Writer

Okta, a leading identity and access management solution provider, disclosed another data breach incident affecting nearly 5,000 of its current and former employees.

According to the company’s notice, the security incident is said to be related to one of its third-party vendors, Rightway Healthcare. The company provides healthcare support services to Okta’s employees and their dependents, helping them find healthcare providers and rates.

On October 12, Okta was informed of the breach by Rightway, however, the actual incident is said to have occurred on September 23, 2023.

‘’[..] Rightway informed Okta that an unauthorized actor gained access to an eligibility census file maintained by Rightway in its provision of services to Okta,’’ the company notice read.

Upon discovering the incident, an immediate investigation was launched by Okta and the affected file was reviewed to understand the possible impact on its former and current employees and their families.

‘’The types of personal information contained in the impacted eligibility census file included your Name, Social Security Number, and health or medical insurance plan number,’’ the investigation revealed. Okta emphasized that there was no evidence to suggest that impacted people’s personal information was misused.

However, as a precautionary measure, it is offering 2 years complimentary credit monitoring, identity restoration, and fraud detection services, to the affected individuals from Experian’s IdentityWorks product.

The incident which was reported to the Office of the Maine Attorney General revealed that a total of 4,961 employees were impacted by this breach.

The San Francisco-based cloud authentication software provider has suffered a series of security breaches over the past 2 years. The most recent being the October 20 credential theft attack, wherein its support management system was breached to steal sensitive user information.

Prior to this, in December 2022, the company found its private GitHub repositories hacked.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!
0 Voted by 0 users
Title
Comment
Thanks for your feedback
Please wait 5 minutes before posting another comment.
Comment sent for approval.

Leave a Comment

Show more...