Okta, a cloud identity and access management solutions provider, has disclosed a new data breach affecting around 5,000 employees. The breach is the result of a security incident involving third-party vendor Rightway Healthcare. Rightway Healthcare reported unauthorized access to an eligibility census file it maintained while providing services to Okta.
The breach notification states that personal information, including names, Social Security numbers, and health or medical insurance plan numbers, was exposed, but the company is not aware of any misuse of the exposed data. Okta is offering affected employees 24 months of credit monitoring, identity restoration, and fraud detection services through Experian Identity Works.
Separately, on October 20, 2023, Okta disclosed another security breach in which threat actors gained access to its support case management system, potentially compromising sensitive data that could be used in future attacks.
In early September, Okta warned its customers of social engineering attacks in which threat actors aimed to obtain elevated administrator permissions. These attacks targeted IT service desk staff, tricking them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users. Okta did not attribute these attacks to any specific threat actor. Furthermore, in December 2022, the company revealed a breach involving its private GitHub repositories.