Almost 5000 people, including current and former employees of OKTA and their families, are facing a security threat due to a leakage of personal information by a third-party supplier. This supplier provides OKTA services in the healthcare field.
The impact of this information was significant. Rightway Healthcare, a company that assists in finding medical institutions and determining the cost of services for OKTA employees, fell victim to a hacker attack on September 23. It was later discovered on October 12 that unauthorized access to files had occurred, compromising important data. The incident has been reported by OKTA to the regulators. (Source: report)
Upon discovering the breach, OKTA immediately activated an investigation and assessed the extent of the problem. They determined that personal data, including names, social insurance numbers, and medical insurance plan numbers, had been compromised. A total of 4961 individuals had their data accessed without authorization.
In response, OKTA offered support to those affected, providing them with a two-year free service for monitoring financial transactions, identity restoration services, and a system for detecting financial fraud.
Representatives from OKTA have informed the news agency Recorded Future News that the incident with Rightway Healthcare does not directly impact the use of OKTA services and that the security of their systems remains uncompromised. They also reassured customers that their data remains safe. (Source: report)
It is worth noting that this is not the first major cybersecurity incident in OKTA’s systems. In September, hackers gained super-administrator privileges by conducting social engineering attacks on support specialists. Additionally, in December 2022, cybercriminals hacked the Octa repository on GitHub and stole source code.
In October, suspicious activity related to the incident in the customer support system was detected in the copy of OKTA used by the popular password manager, 1password. 1password utilizes OKTA services, which is the largest supplier of security tools for managing applications for employees.