EnergySys and the Okta LAPSUS$ Security Incident

Okta Security Incident Background  

On 22 March 2022, Okta, the identity provider we currently use for authentication, announced a security risk for some users. They have assessed the risk as low, reporting that only 2.5% of users could be affected, all of whom were advised prior to the public announcement. 

In January 2022, they detected an unsuccessful attempt to compromise a customer support engineer account working for a third-party provider. Their investigation identified a five-day period where the attacker had access to a support engineer’s laptop.  

Okta’s most recent update on the incident advises a small percentage of customers (approximately 2.5%) may have been impacted and their data may have been viewed or acted upon. The impact is limited to the access a support engineer has. Namely facilitating password and multi-factor authentication factor resets but not the ability to obtain passwords or user lists.  

Okta advise they have reached out to all customers impacted and have confirmed to us that no EnergySys users were affected. 


We take security extremely seriously at EnergySys. Despite Okta’s reassurance that none of our users were impacted, and as per our ISO 27001 certified process, we mobilised our Incident Response Team to assess any risk to our users. In particular, any user that changed their password during the incident has been investigated for unusual access patterns, during and since the incident. The outcome of the investigation was that there was no unusual user behavior and no user accounts or information was compromised, and no further action was required. 

We will continue to monitor updates from Okta, and the team will take any action required if the circumstances change. 

Try more from our latest Resources

Complex problems made simple

Energy businesses are turning to low-code to support fast decision making, quick change management and improve competitive advantage through agility. In this paper we demonstrate how easy it is to configure an application in EnergySys. Using a pipeline network as an example, understand the process of configuring EnergySys to support the business in finding the most ‘efficient’ route across a network.


Ancala Midstream Unlocks Scalability and Agility for Its Oil and Gas Operations

Independent operator Ancala Midstream Acquisitions Limited streamlined asset management for its complex North Sea business by adopting EnergySys’ low code software. Since implementing this cloud-native solution, the oil and gas company is better managing its diverse operations and has achieved newfound business agility.

Greenhouse gas emissions tracking: making it count

In this paper, co-authored with Fabio Terzini, Lead Engineer at Elite Energy Consultants, we discuss the benefits of having a Greenhouse Gas Emissions and Energy application aligned with the Production Allocation system in a centralised and structured database.

See all