The US-based software firm Okta has disclosed a data breach caused by a third-party vendor, Rightway Healthcare, Inc., which exposed the personal information of around 5,000 workers.
Okta uses Rightway as a vendor to assist its Okta workers and dependents in finding healthcare coverage.
Within two weeks of Okta announcing that a threat actor had accessed its support system and disclosed sensitive information uploaded by Okta customers, another incident occurred at Rightway.
Unauthorized Actor Gained Access To An Eligibility Census File
On October 12, 2023, Rightway notified Okta that in the course of providing services to Okta, an unauthorized actor had obtained access to an eligibility census file that Rightway maintained.
When Okta learned about the incident, it started an inquiry and went over the relevant file to figure out how much it affected its former and current workers and their families.
Ensure your Cyber Resiliance with the recent wave of cyber-attacks targeting the financial services sector. Almost 60% respondents not confident to recover fully from a cyber attack.
“The investigation revealed that your personal information was contained in the impacted file,” Okta stated in the data breach notification.
According to Rightway, the unauthorized activity took place on September 23, 2023.
The affected eligibility census file contains the following various types of personal information:
- Name
- Social Security number
- Health or medical insurance plan number
A total of 4,961 employees were affected by the incident, according to Okta’s notification to the Office of the Maine Attorney General.
“We have no evidence to suggest that your personal information has been misused against you,” the company said.
Although the company does not currently have any proof that personal information has been misused, as an extra precaution, it is providing users with a 24-month complimentary credit monitoring, identity restoration, and fraud detection service through Experian’s IdentityWorks product.
The organization urges staff members to check their account statements, keep an eye out for questionable behavior on their credit reports, and be alert against instances of fraud and identity theft.
Early in September, Okta also alerted users about current social engineering scams used by threat actors to get elevated administrator privileges.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.