Rewterz Threat Update – Okta Warns About 5,000 Employees Having Data Exposed After Hacking of Third-Party Vendor

Severity

High

Analysis Summary

Okta, a cloud identity and access management solutions provider, disclosed about a data breach suffered by a third-party vendor Rightway Healthcare, resulting in nearly 5,000 of Okta’s employees having their personal information exposed.

According to the data breach notification, Okta was told by Rightway Healthcare that an unauthorized user gained access to an eligibility census file that was maintained by the provider as a service to Okta. Okta immediately launched an investigation to review the affected file in order to see how far it impacted the employees.

This incident happened on 23rd September, 2023 as declared by Rightway. The data that was exposed includes name, Social Security Number, and medical insurance plan number. The company does not know currently if the exposed personal information is being misused.

The data breach has impacted a total of 4,961 employees and Okta is offering them access to 24 months of complementary credit monitoring, fraud detection, and identity restoration services through their Experian Identity Works product.

This isn’t the first time Okta has its data leaked. Just recently on 20th October, Okta had its support case management system breached by threat actors who managed to steal sensitive data that can be used in future attacks.

In early September, Okta issued a warning to its customers of social engineering attacks that were being carried out by malicious users in order to gain escalated administrator privileges. The attacks were mainly targeted at the IT service desk staff to lure them into resetting all multi-factor authentication (MFA) factors that were registered by users with high privileges.

Back in December 2022, Okta revealed that its private GitHub repositories were hacked and the attackers managed to steal Okta’s source code.

Impact

• Information Exposure
• Sensitive Data Theft

Remediation

• Immediately disconnect or isolate the compromised systems from the network to prevent the malware from spreading further. This may involve shutting down affected servers or segments of the network.
• Conduct a thorough investigation to determine the extent of the breach, including identifying which systems and data were compromised.
• Implement measures to contain the breach and prevent further unauthorized access. This may involve patching vulnerabilities, resetting compromised credentials, and deploying updated security policies.
• Implement multi-factor authentication (MFA) and strong password policies to enhance access control.
• Regularly update and patch software and systems to mitigate vulnerabilities.
• Conduct regular security audits and penetration testing to identify and address weaknesses.
• Encrypt sensitive customer and investor data both in transit and at rest to prevent unauthorized access in case of a breach.
• Ensure secure storage of backups and sensitive information with access restricted to authorized personnel only.
• Develop a robust incident response plan that outlines steps to take in the event of a breach. This should include procedures for containment, investigation, and notification of affected parties.
• Develop a long-term cybersecurity strategy to prevent future incidents, including investing in advanced threat detection and response capabilities.