Okta security incident 10.20.23
What Happened
On October 20th, 2023, Okta notified customers that they experienced a security event where a threat actor gained access to Okta’s support system. The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases. It should be noted that the Okta support case management system is separate from the production Okta service, which is fully operational and has not been impacted.
Okta notified all customers that had been impacted. Neither CIT or our customers utilizing Okta have been notified and therefore unaffected by this event. Additionally, CIT has not provided any files to Okta support recently.
Closing Thoughts
We are providing this update to provide clarity around the event. CIT places great emphasis on the security of our critical systems and continues to implement the zero-trust initiatives to ensure legitimate access to our systems. Additionally, CIT places heavy emphasis on monitoring and alerting of critical events within our environment to identify events such as this.