Okta confirms investigation into potential breach
Image: Florian Krumm
Andrea Peterson March 22, 2022

Okta confirms investigation into potential breach

Andrea Peterson

March 22, 2022

Okta confirms investigation into potential breach

Okta, a major Single Sign-On provider that allows people to use one account to log into multiple digital services, confirmed to The Record Tuesday it is investigating a potential breach after the Lapsus$ cybercrime gang claimed access to its systems. 

“Okta is aware of the reports and is currently investigating,” Okta senior communications manager Chris Hollis told The Record via email. “We will provide updates as more information becomes available.” Reuters first confirmed the investigation.

Lapsus$ is a recently emerging threat actor that has been linked to attacks on elements of digital infrastructure, including chipmaker NVIDIA, in its chaotic run so far. If verified, an attack on Okta would represent a major attack on digital supply chains

Securing digital supply chains has been a major focus for the U.S. Cybersecurity and Infrastructure Agency (CISA) in recent years. 

CISA and U.S. President Joe Biden both warned of potential threats Monday based on “evolving intelligence” about Russian state-backed attempts to interfere with critical infrastructure in response to financial sanctions over the Russian invasion of Ukraine.

“If you have not already done so, I urge our private sector partners to harden your cyber defenses immediately by implementing the best practices we have developed together over the last year,” Biden said in a statement Monday. 

Andrea (they/them) is senior policy correspondent at The Record and a longtime cybersecurity journalist who cut their teeth covering technology policy ThinkProgress (RIP), then The Washington Post from 2013 through 2016, before doing deep dive public records investigations at the Project on Government Oversight and American Oversight. Their work has also been published at Slate, Politico, The Daily Beast, Ars Technica, Protocol, and other outlets. Peterson also produces independent creative projects under their Plain Great Productions brand and can generally be found online as kansasalps.