Okta tells 5,000 of its own staff that their data was accessed in third-party breach

The hits keep on coming for troubled ID management biz

Updated Okta has sent out breach notifications to almost 5,000 current and former employees, warning them that miscreants breached one of its third-party vendors and stole a file containing staff names, social security numbers, and health or medical insurance plan numbers.

The third-party, Rightway Healthcare, helps people compare healthcare providers and rates, and this includes Okta employees and their families. According to the notification, an "unauthorized" crook broke into Rightway's IT environment on September 23. The service informed Okta about the intrusion on October 12, nearly three weeks later.

"Upon discovering the incident, we promptly launched an investigation and reviewed the affected file to determine the extent of the impact to our current and former employees, and their dependents," Okta cybersecurity director and attorney Ronald Anderson wrote [PDF].

While the criminals scooped up a bunch of data belonging to 4,961 individuals, "we have no evidence to suggest that your personal information has been misused against you," the identity services provider assured its employees.

Still, as an "added precaution," all those affected will receive two years of free credit monitoring, identity restoration, and fraud detection services from Experian's IdentityWorks product.

Though this breach seems to be limited to Okta employees, the identity services providers' customers have also been hit with their share of security snafus over the past few months.

Back in August, Okta said "multiple" customers in the US had reported phishing attempts targeting their IT service teams in attempts to compromise user accounts with administrator permissions. These social engineering attacks began in July, and things went downhill from there as the victims' names started becoming public.

These customers included Las Vegas hotel and casino giants MGM Resorts and Caesars Entertainment. The latter reportedly paid a $15 million ransom demand to make the pain stop – but not before the intruders accessed data belonging to tens of thousands of customers. MGM said the attack cost it at least $100 million after it refused to pay up.

In October, Okta said it experienced a security breach that gave intruders access to sensitive customer files used for solving support tickets.

In an October 20 blog post, Okta CSO David Bradbury said the criminals used stolen credentials to gain access to Okta's support case management system and may have stolen HTTP Archive (HAR) files used to replicate browser activity for troubleshooting.

A few days later, 1Password said it was one of the Okta customers hit by the latest breach – but assured its customers that their login details are safe. ®

Updated to add

"An Okta vendor, Rightway Health, had a security incident in September 2023 in which files from April 2019 through 2020 were exfiltrated from its IT environment," a spokesperson for the ID biz told The Register.

"These contained personal information about employees and their dependents from 2019/2020. This incident does not relate to the use of Okta services and Okta services remain secure. No Okta customer data is impacted by this incident."

Send us news

Orgs are having a major identity crisis while crims reap the rewards

Hacking your way in is so 2022 – logging in is much easier

Feds dismantle Russian GRU botnet built on 1,000-plus home, small biz routers

Beijing, now Moscow.… Who else is hiding in broadband gateways?

Meet VexTrio, a network of 70K hijacked websites crooks use to sling malware, fraud

Some useful indicators of compromise right here

China's Volt Typhoon spies broke into emergency network of 'large' US city

Jeez, not now, Xi. Can't you see we've got an election and Ukraine and Gaza and cost of living and layoffs and ...

ALPHV blackmails Canadian pipeline after 'stealing 190GB of vital info'

Gang still going after critical infrastructure because it's, you know, critical

Ivanti devices hit by wave of exploits for latest security hole

At this point you might be better off just shutting the stuff down

Uncle Sam sweetens the pot with $15M bounty on Hive ransomware gang members

Honor among thieves about to be put to the test

The spyware business is booming despite government crackdowns

'Almost zero data being shared across the industry on this particular threat,' we're told

AnyDesk revokes signing certs, portal passwords after crooks sneak into systems

Horse, meet stable door

Crims found and exploited these two Microsoft bugs before Redmond fixed 'em

SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android

Apple promises to protect iMessage chats from quantum computers

Easy to defend against stuff that may never actually work – oh there we go again, being all cynical like

Google open sources file-identifying Magika AI for malware hunters and others

Cool, but it's 2024 – needs more hype, hand wringing, and flashy staged demos to be proper ML