Identity and authentication management provider Okta has been hit by another breach, this one against a third-party vendor that allowed hackers to steal personal information for 5,000 Okta employees.
The compromise was carried out in late September against Rightway Healthcare, a service Okta uses to support employees and their dependents in finding health care providers and plan rates. An unidentified threat actor gained access to Rightway’s network and made off with an eligibility census file the vendor maintained on behalf of Okta. Okta learned of the compromise and data theft on October 12 and didn’t disclose it until Thursday, exactly three weeks later.
“The types of personal information contained in the impacted eligibility census file included your Name, Social Security Number, and health or medical insurance plan number,” a letter sent to affected Okta employees stated. “We have no evidence to suggest that your personal information has been misused against you.”