Okta employees impacted by Rightway third-party breach


Cloud authentication software provider Okta has confirmed another breach, this time through Rightway Healthcare, a third-party healthcare vendor it uses, exposing the sensitive data of thousands of employees.

Okta filed a “Notice of Data Breach” with the Office of the Maine Attorney General on Thursday.

“We write to share important information with you about a recent data security incident experienced by our third-party vendor, Rightway Healthcare, Inc. (“Rightway”), that may have impacted your personal information,” the notification letter states.

According to Okta, it was notified of the Rightway breach on October 12th, although the breach itself took place on September 23rd.

“An unauthorized actor gained access to an eligibility census file maintained by Rightway in its provision of services to Okta,” the San Francisco-based identity and access management company said.

Rightway Healthcare is an employee health benefits service provider. The Maine Attorney General's office states that at least 4,961 people have been affected.

Emsisoft Threat Analyst Brett Callow posted about the “data security incident” on X.

Okta said after an investigation and review of “the affected file” and the possible impact on “current and former employees, and their dependents,” it was determined that “personal information was contained in the impacted file.”

The types of information contained in the eligibility census file included individual names, Social Security numbers, as well as health or medical insurance plan numbers.

Okta stated it had “no evidence to suggest that your personal information has been misused against you.”

Besides informing all affected individuals by mail, the company said it will offer the opportunity to enroll in 24 months of complimentary credit monitoring, identity restoration, and fraud detection services.

Okta's fourth breach

This is Okta’s fourth breach reported in the past year, including two instances that took place over the past few months.

The IT service management company Cloudflare announced unauthorized access to its Okta instance on October 18th, while the password management company 1Password reported it detected suspicious activity on its Okta instance on September 29th.

Back in December 2022, Okta had its private GitHub code repositories hacked.

None of the incidents was reported to have compromised any sensitive information belonging to Okta customers or to either of the American technology companies.

Okta provides security technology for business, government, and other organizations. Its largest customers include Zoom, Sonos, Bain & Company, T-Mobile, and Hewlett Packard, among others.