1. News
  2. Cybersecurity News

Okta suffers data breach affecting thousands of businesses and agencies

The affected companies handle loads of consumer data

Data breach concept
Photo (c) Andrii Yalanskyi - Getty Images
Okta, an authentication services provider, announced that it has suffered a data breach. The company told Reuters that hackers have already gone as far as posting screenshots of parts of Okta’s internal company environment.

If the hack is real, the snowball effect could be large. Okta claims to serve more than 15,000 brands by securing their digital interactions with consumers and employees. T-Mobile, Albertson’s, FedEx, Sonos, and Nasdaq are all clients of the company -- and those companies are potentially loaded with a cornucopia of personal data.

The hackers appear to be from a group called Lapsus$ – the same extortion group that took responsibility for the Samsung Galaxy breach earlier this month. The group claims that it has had “Superuser/Admin” access to Okta’s systems for more than a month; however, the hackers said their focus was “only on Okta customers.”

In a statement, Chris Hollis, a Senior Manager of Security and Crisis Communications at Okta, said the breach might be related to a previous incident in January that the company previously addressed.

"We believe the screenshots shared online are connected to this January event," he said. "Based on our investigation to date, there is no evidence of ongoing malicious activity beyond the activity detected in January.”

Putting consumer’s data security on heightened alert

With the possibility of the Russia-Ukraine conflict spilling over into a cyberattack on Americans and U.S. businesses, President Biden is not leaving anything to chance. In a roundtable discussion with CEOs on Monday, he said one of the tools Russia is most likely to use is cyberattacks. 

“The private sector, all of you, largely decides the protections that we will or will not take in order to protect your sources,” the president warned.

“But let me be absolutely clear about something: It’s not just in your interests that are at stake with their potential use of cybersecurity … the national interest is at stake."

How do consumers protect their data?

Mark Kapczynski of OneRep – a company that assists the public in removing their private data from the web –  says many people use careless internet habits and run the risk of compromising their own privacy.

“Remember that cool site with a giveaway that you gave your personal information to? Well, more than likely they sold it to a larger data aggregator like TransUnion, which pulls in millions of consumer data points and then sells all of our consumer personal information in bulk to these people search sites,” he said.

Kapczynski says consumers should take advantage of different privacy tools to ensure that their personal information stays secure.

“If you are going to share your information online with various sites, use some of the new email and phone number hiding tools within your iPhone, and/or get an email address and phone number that is dedicated only for your online activities and can easily be deleted or discarded. Most importantly, never give out personal data to online sites unless you know them to be trustworthy and respect consumer privacy,” he suggested.

Take an Identity Theft Quiz. Get matched with an Authorized Partner.