EnergySys and the Okta LAPSUS$ Security Incident

Okta Security Incident Background  

On 22 March 2022, Okta, the identity provider we currently use for authentication, announced a security risk for some users. They have assessed the risk as low, reporting that only 2.5% of users could be affected, all of whom were advised prior to the public announcement. 

In January 2022, they detected an unsuccessful attempt to compromise a customer support engineer account working for a third-party provider. Their investigation identified a five-day period where the attacker had access to a support engineer’s laptop.  

Okta’s most recent update on the incident advises a small percentage of customers (approximately 2.5%) may have been impacted and their data may have been viewed or acted upon. The impact is limited to the access a support engineer has. Namely facilitating password and multi-factor authentication factor resets but not the ability to obtain passwords or user lists.  

Okta advise they have reached out to all customers impacted and have confirmed to us that no EnergySys users were affected. 

Action 

We take security extremely seriously at EnergySys. Despite Okta’s reassurance that none of our users were impacted, and as per our ISO 27001 certified process, we mobilised our Incident Response Team to assess any risk to our users. In particular, any user that changed their password during the incident has been investigated for unusual access patterns, during and since the incident. The outcome of the investigation was that there was no unusual user behavior and no user accounts or information was compromised, and no further action was required. 

We will continue to monitor updates from Okta, and the team will take any action required if the circumstances change.