Okta Data Compromised Through Third-Party Vendor

After 1Password, MGM, and Caesars, yet more cybersecurity woes mount for the identity and access management company.

Becky Bracken, Senior Editor, Dark Reading, Senior Editor

November 2, 2023

3 Min Read
Okta logo
Source: imageBroker.com via Alamy Stock Photo

Okta is back on the record with another cybersecurity incident, this time via a breach of its third-party vendor, Rightway Healthcare, which has exposed the personal and healthcare data of nearly 5,000 Okta employees.

According to Okta's filing with the Maine Attorney General, the Rightway breach occurred on Sept. 23 and was discovered on Oct. 12.

Okta, in a statement, emphasized that only its employees, not its customers, were impacted by the incident.

"An Okta vendor, Rightway Health, had a security incident in September 2023 in which files from April 2019 through 2020 were exfiltrated from its IT environment," an Okta spokesperson explained. "These contained personal information about employees and their dependents from 2019/2020."

The statement added Okta services remain secure.

"On October 12, 2023, Rightway informed Okta that an unauthorized actor gained access to an eligibility census file maintained by Rightway in its provision of services to Okta," a letter sent to compromised employees explained. "Upon discovering the incident, we promptly launched an investigation and reviewed the affected file to determine the extent of the impact to our current and former employees, and their dependents. The investigation revealed that your personal information was contained in the impacted file."

Compromised data included names, Social Security numbers, and health or medical insurance plans, a letter sent to potential victims by Okta read. The company added an offer for free identity and credit monitoring services.

Ongoing Okta Security Woes

Certainly, in comparison to recent compromises tied to Okta, this specific data leak by Rightway isn't a standout event; but it couldn't come at a worse time for the cybersecurity company.

From threat actors gaming the company's software platform to breach MGM Resorts to catastrophic effect in September, to October's incident when attackers compromised Okta's own systems to steal customer data, including session tokens and cookies (followed days later by a supply chain attack on its customer 1Password), it's been a rough few weeks for the identity and access management (IAM) vendor.

"If it weren't for seeing Okta's name in the press lately for some less than inspiring security events, I probably wouldn't even take any notice of this event," Netenrich's John Bambenek tells Dark Reading. "That being said, I should hope for their employees sake that they are taking this event seriously, and looking at what they can do to shore up the sensitive data that they are having their third-party vendors process on their behalf."

However, disclosure of another cybersecurity incident anywhere in its software supply chain could raise questions about Okta's overall security posture, particularly among its cybersecurity-conscious clientele.

"The trust of cybersecurity professionals can be fragile when it comes to data breaches," Critical Start threat intelligence research analyst Sarah Jones says. "While cybersecurity incidents can happen to any organization, the extent of trust loss depends on how well the company handles the situation."

Jones adds that Okta's response has been proactive and positive in this case. "Okta has taken steps to notify, and support affected individuals, offering credit monitoring services as a precaution," Jones adds. "However, long-term trust is contingent on the company's commitment to improving its security measures and preventing future breaches."

Asked about how Okta would reassure its customers it is taking proactive steps to shore up its overall cybersecurity posture, the company spokesperson said they are sticking to the statement, for now.

About the Author

Becky Bracken, Senior Editor, Dark Reading

Senior Editor, Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights