Okta Data Compromised Through Third-Party Vendor

Published: 23/11/2024   Category: security




After 1Password, MGM, and Caesars, yet more cybersecurity woes mount for the identity and access management company.



Okta is back on the record with another cybersecurity incident, this time via a breach of its third-party vendor, Rightway Healthcare, which has exposed the personal and healthcare data of nearly 5,000 Okta employees.
According to Okta's filing with the Maine Attorney General, the Rightway breach occurred on Sept. 23 and was discovered on Oct. 12.
Okta, in a statement, emphasized that only its employees, not its customers, were impacted by the incident.
"An Okta vendor, Rightway Health, had a security incident in September 2023 in which files from April 2019 through 2020 were exfiltrated from its IT environment," an Okta spokesperson explained. "These contained personal information about employees and their dependents from 2019/2020."
The statement added Okta services remain secure.
"On October 12, 2023, Rightway informed Okta that an unauthorized actor gained access to an eligibility census file maintained by Rightway in its provision of services to Okta," a letter sent to compromised employees explained. "Upon discovering the incident, we promptly launched an investigation and reviewed the affected file to determine the extent of the impact to our current and former employees, and their dependents. The investigation revealed that your personal information was contained in the impacted file."
Compromised data included names, Social Security numbers, and health or medical insurance plans, a letter sent to potential victims by Okta read. The company added an offer for free identity and credit monitoring services.
Certainly, in comparison to recent compromises tied to Okta, this specific data leak by Rightway isn't a standout event; but it couldn't come at a worse time for the cybersecurity company.
From threat actors gaming the company's software platform to breach MGM Resorts to catastrophic effect in September, to October's incident when attackers compromised Okta's own systems to steal customer data, including session tokens and cookies (followed days later by a supply chain attack on its customer 1Password), it's been a rough few weeks for the identity and access management (IAM) vendor.
"If it weren't for seeing Okta's name in the press lately for some less than inspiring security events, I probably wouldn't even take any notice of this event," Netenrich's John Bambenek tells Dark Reading. "That being said, I should hope for their employees' sake that they are taking this event seriously, and looking at what they can do to shore up the sensitive data that they are having their third-party vendors process on their behalf."
However, disclosure of another cybersecurity incident anywhere in its software supply chain could raise questions about Okta's overall security posture, particularly among its cybersecurity-conscious clientele.
"The trust of cybersecurity professionals can be fragile when it comes to data breaches," Critical Start threat intelligence research analyst Sarah Jones says. "While cybersecurity incidents can happen to any organization, the extent of trust loss depends on how well the company handles the situation."
Jones adds that Okta's response has been proactive and positive in this case. "Okta has taken steps to notify and support affected individuals, offering credit monitoring services as a precaution," Jones adds. "However, long-term trust is contingent on the company's commitment to improving its security measures and preventing future breaches."
Asked about how Okta would reassure its customers it is taking proactive steps to shore up its overall cybersecurity posture, the company spokesperson said they are sticking to the statement, for now.
