EnergySys and the Okta LAPSUS$ Security Incident

Okta Security Incident Background  

On 22 March 2022, Okta, the identity provider we currently use for authentication, announced a security risk for some users. They have assessed the risk as low, reporting that only 2.5% of users could be affected, all of whom were advised prior to the public announcement. 

In January 2022, they detected an unsuccessful attempt to compromise a customer support engineer account working for a third-party provider. Their investigation identified a five-day period where the attacker had access to a support engineer’s laptop.  

Okta’s most recent update on the incident advises a small percentage of customers (approximately 2.5%) may have been impacted and their data may have been viewed or acted upon. The impact is limited to the access a support engineer has. Namely facilitating password and multi-factor authentication factor resets but not the ability to obtain passwords or user lists.  

Okta advise they have reached out to all customers impacted and have confirmed to us that no EnergySys users were affected. 

Action 

We take security extremely seriously at EnergySys. Despite Okta’s reassurance that none of our users were impacted, and as per our ISO 27001 certified process, we mobilised our Incident Response Team to assess any risk to our users. In particular, any user that changed their password during the incident has been investigated for unusual access patterns, during and since the incident. The outcome of the investigation was that there was no unusual user behavior and no user accounts or information was compromised, and no further action was required. 

We will continue to monitor updates from Okta, and the team will take any action required if the circumstances change. 

Try more from our latest Resources

ELS logo

Equity Lifting Solutions Pty Ltd Announced as the Latest EnergySys Reseller Partner

EnergySys' growth in the APAC region is something we’re immensely proud of and is testimony to a growing need for flexible, value-driven software within an increasingly agile energy industry. Our partnership with ELS will ensure that customers have access to powerful solutions that meet the unique challenges of the LNG market.

Email Security with the EnergySys Platform

Okta, the identity provider we currently use for authentication, announced a security incident on 22 March 2022. Following an investigation they advised the risk as low, impacting only 2.5% of customers.We take security extremely seriously at EnergySys. Despite Okta’s reassurance that none of our users were impacted, and as per our ISO 27001 certified process, we mobilised our Incident Response Team to assess any risk to our users.

EnergySys and the Okta LAPSUS$ Security Incident

Okta, the identity provider we currently use for authentication, announced a security incident on 22 March 2022. Following an investigation they advised the risk as low, impacting only 2.5% of customers.We take security extremely seriously at EnergySys. Despite Okta’s reassurance that none of our users were impacted, and as per our ISO 27001 certified process, we mobilised our Incident Response Team to assess any risk to our users.

See all