Lack of speedy notification was 'a mistake,' Okta says

Mar 28, 2022 | CYBERSCOOP

“We want to acknowledge that we made a mistake,” identity authentication company Okta said Friday regarding a two-month delay in notifying customers about a compromised account at a third-party contractor that potentially exposed customers to risk.

The statement came on a frequently asked questions page that included a timeline for the incident at the customer service contractor Sitel in January and provided more details about Okta’s response. Security experts and customers widely criticized Okta last week for not being more transparent about what happened.

“Sitel is our service provider for which we are ultimately responsible,” Okta said.

Okta did not publicly comment on the intrusion until March 22, after the cybercrime group Lapsus$ posted screenshots showing access to some aspects of the company’s network.

“On January 20, 2022, the Okta Security team was alerted that a new factor was added to a Sitel customer support engineer’s Okta account. This factor was a password,” Okta said Friday. “Although that individual attempt was unsuccessful, out of an abundance of caution, we reset the account and notified Sitel, a third-party vendor that helps us provide customer support, and Sitel engaged a

Read More: https://www.cyberscoop.com/lack-of-speedy-notification-was-a-mistake-okta-says/