A recent cybersecurity breach has once again hit identity and authentication management provider, Okta. However, this time the breach was not directly against Okta itself but against a third-party vendor, Rightway Healthcare. The breach allowed hackers to steal personal information belonging to approximately 5,000 Okta employees.
Rightway Healthcare is a service that Okta uses to assist employees and their dependents in finding healthcare providers and plan rates. Unknown threat actors were able to gain access to Rightway’s network and retrieve an eligibility census file that the vendor had on behalf of Okta. The file contained sensitive personal information, such as employee names, Social Security numbers, and health or medical insurance plan numbers.
Okta became aware of the breach and data theft on October 12 but did not disclose it until three weeks later. The compromised data pertains to 4,961 Okta employees and their dependents from 2019 and 2020.
An investigation conducted by Okta revealed that the breach occurred after the intruder gained access to a Rightway employee’s cell phone. Using this access, they manipulated credentials and accessed the files, which were then exfiltrated from Rightway’s IT environment.
It is important to note that this incident does not impact the use of Okta services, as the company’s services remain secure. No customer data from Okta has been compromised in this breach.
This breach comes just two weeks after Okta disclosed a separate incident in which hackers compromised its customer support system and obtained credentials that allowed them to gain control of customers’ internal Okta administration accounts. The attackers then utilized these credentials to target other customers, including 1Password, BeyondTrust, and Cloudflare.
Okta has faced criticism in the past for its handling of security breaches. In response to a previous breach, Cloudflare urged Okta to prioritize quicker action, enhanced disclosures, and increased security measures such as the use of hardware keys to protect internal systems and third-party support providers.
Although Okta has initiated an investigation into this recent breach, it highlights the importance of maintaining robust cybersecurity measures, even for trusted third-party vendors.
FAQ:
Q: Was any customer data from Okta impacted by this breach?
A: No, this breach only exposed personal information of Okta employees.
Q: What information was stolen during the breach?
A: The compromised file contained employee names, Social Security numbers, and health or medical insurance plan numbers.
Q: How did the hackers gain access to the files?
A: The hackers gained access to the files by manipulating credentials after compromising a Rightway employee’s cell phone.
Q: How has Okta responded to this breach?
A: Okta opened an investigation immediately after learning of the breach and has taken steps to enhance its cybersecurity measures.