Security News > 2022 > April > Okta: Lapsus$ breach lasted only 25 minutes, hit 2 customers
Identity and access management firm Okta says an investigation into the January Lapsus$ breach concluded the incident's impact was significantly smaller than expected.
Okta admitted last month it made a mistake delaying the disclosure of a January breach from the Lapsus$ data extortion group, an error caused by the company not being aware of the extent of the incident and its impact on customers.
Initially, Okta said that a Lapsus$ hacker obtained Remote Desktop access to a Sitel support engineer's laptop over "a five-day window" between January 16 and January 21.
Okta later said that 366 of its customers were impacted by the incident.
"We recognize how critical Okta is to so many organizations and the individuals who rely on them, and are more determined than ever to deliver for them."
Okta is a publicly-traded company worth over $6 billion and employing over 5,000 people worldwide that provides identity management and authentication services to over 15,000 organizations around the globe.