Pierluigi Paganini November 02, 2023

Okta warns approximately 5,000 employees that their personal information was compromised due to a third-party vendor data breach.

Cloud identity and access management solutions provider Okta warns nearly 5,000 employees that their personal information was exposed due to a data breach suffered by the third-party vendor Rightway Healthcare.

According to the data breach notification, Rightway Healthcare notified Okta that an unauthorized actor gained access an eligibility census file maintained by the provider in its provision of services to Okta.

“On October 12, 2023, Rightway informed Okta that an unauthorized actor gained access to an eligibility census file maintained by Rightway in its provision of services to Okta. Upon discovering the incident, we promptly launched an investigation and reviewed the affected file to determine the extent of the impact to our current and former employees, and their dependents.” reads the data breach notification sent to the impacted individuals and shared with the Office of the Maine Attorney General. “The investigation revealed that your personal information was contained in the impacted file. Rightway has indicated that the unauthorized activity occurred on September 23, 2023.”

Exposed data include name, Social Security Number, and health or medical insurance plan number. The notification states that the company is not aware of any misuse of the exposed personal information.

According to the Data Breach Notification, the security breach impacted a total of 4,961 employees.

Okta is offering them access to 24 months of complementary credit monitoring, identity restoration, and fraud detection services, through the Experian Identity Works product.

On October 20, 2023, Okta revealed that threat actors breached its support case management system and stole sensitive data that can be used in future attacks.

In early September, Okta warned customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions. The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users. The company did not attribute the attack to a specific threat actor.

In December 2022, the American identity and access management giant revealed that its private GitHub repositories were hacked.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)