Author of the article:
WASHINGTON — Shares in Okta Inc fell 10.5% on Wednesday after the U.S. digital authentication firm said hundreds of its customers may have been affected by a security breach involving hacking group Lapsus$.
The breach sparked concern as the cyber extortion gang had posted what appeared to be internal screenshots from within the organization’s network roughly a day ago.
Okta’s Chief Security Officer David Bradbury said in a series of blog posts https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise that the “maximum potential impact” was to 366 customers whose data was accessed by an outside contractor.
Advertisement 2
The contractor, the Miami-based Sitel Group, employed an engineer whose laptop the hackers had hijacked, Bradbury said, adding that the 366 figure represented a “worst case scenario” and that the hackers had been constrained in their range of possible actions.
A representative for Sykes, a subsidiary of the Sitel Group, said in an emailed statement that the company was unable to comment on its relationship to its customers but it undertook an “immediate and comprehensive” investigation into the breach and had since determined there was no longer a security risk.
San Francisco-based Okta helps employees of more than 15,000 organizations securely access their networks and applications, so any breach there could have serious consequences.
Advertisement 3
Bradbury said the intruders would have been unable to perform actions such as downloading customer databases or accessing Okta’s source code.
Okta has been criticized for its reaction to the hack, especially as it emerged that the company either had known – or could have known – that there was a problem much earlier.
Okta first got wind of a potential breach in January, Bradbury said, explaining that it warned the Sitel Group right away. But it was only on March 10 that Sitel received a forensic report about the incident, giving Okta a summary of the findings a week later.
Bradbury said he was “greatly disappointed by the long period of time that transpired between our notification to Sitel and the issuance of the complete investigation report.”
The hack – and Okta’s response – has made some investors nervous. Its stock market swoon put it on track for the worst one-day percentage drop in two years, and Raymond James Equity Research downgraded the stock from “strong buy” to “market perform,” in part citing Okta’s handling of the incident. (Reporting by Raphael Satter. Editing by Shri Navaratnam, Bernadette Baum, Alexander Smith and Bernard Orr)
Financial Post Top Stories
Sign up to receive the daily top stories from the Financial Post, a division of Postmedia Network Inc.
By clicking on the sign up button you consent to receive the above newsletter from Postmedia Network Inc. You may unsubscribe any time by clicking on the unsubscribe link at the bottom of our emails. Postmedia Network Inc. | 365 Bloor Street East, Toronto, Ontario, M4W 3L4 | 416-383-2300
