Okta, which markets itself as a “leading provider of identity” in the health care, public sector, energy, financial services, technology, travel and hospitality, and nonprofit industries, has notified some of its customers that data may have been accessed by cybercriminal group LAPSUS$. (Late breaking news—LAPSUS$ may be a teenager living in the U.K.). According to Okta, in late January it “detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors.” According to the forensic investigation, an attacker had access to the support engineer’s laptop for five days in January.

On March 22, 2022, LAPSUS$ posted screenshots of data that it allegedly exfiltrated from the support engineer’s laptop. According to Okta, it continues to investigate the incident and has “concluded that a small percentage of customers – approximately 2.5% – have potentially been impacted and whose data may have been viewed or acted upon. We have identified those customers and already reached out directly by email.”

Okta has stated that “There is no impact to Auth0 customers, and there is no impact to HIPAA and FedRAMP customers.” In addition, Okta has stated that its service “is fully operational, and there are no corrective actions our customers need to take.”