Okta says 366 customers potentially affected in data breach

Written by
Mar 23, 2022 | CYBERSCOOP

Okta, the identity authentication company whose customers were targeted by a prolific cybercrime group in a late-January breach, said Wednesday that 366 customers’ accounts were potentially accessed as part of the incident.

In a nine-minute Zoom call Wednesday, the company’s chief security officer, David Bradbury, said that number represents the maximum of customer accounts accessed by third-party contractors during a five-day window when hackers had gained entry to a contractor’s laptop.

Bradbury added that he was “greatly disappointed by the long period of time” between when the incident occurred and March 17, when a summary of a third-party investigation of the incident became available. An unnamed company was hired to examine what happened at Sitel Group, the Miami-based contractor providing outsourced contact center services.

“Upon reflection, once we received the Sitel summary report, we should have moved more swiftly to understand its implications,” he said.

A laptop belonging to a contractor with Sitel was accessed by the hacking group Lapsus$ in January. Lapsus$ posted screenshots of the incident to its Telegram channel earlier this week, which showed Okta’s Slack channels and a “Superuser” dashboard for Cloudlfare, a major

Read More: https://www.cyberscoop.com/okta-breach-366-customers/