EnergySys and the Okta LAPSUS$ Security Incident

Okta Security Incident Background  

On 22 March 2022, Okta, the identity provider we currently use for authentication, announced a security risk for some users. They have assessed the risk as low, reporting that only 2.5% of users could be affected, all of whom were advised prior to the public announcement. 

In January 2022, they detected an unsuccessful attempt to compromise a customer support engineer account working for a third-party provider. Their investigation identified a five-day period where the attacker had access to a support engineer’s laptop.  

Okta’s most recent update on the incident advises a small percentage of customers (approximately 2.5%) may have been impacted and their data may have been viewed or acted upon. The impact is limited to the access a support engineer has. Namely facilitating password and multi-factor authentication factor resets but not the ability to obtain passwords or user lists.  

Okta advise they have reached out to all customers impacted and have confirmed to us that no EnergySys users were affected. 

Action 

We take security extremely seriously at EnergySys. Despite Okta’s reassurance that none of our users were impacted, and as per our ISO 27001 certified process, we mobilised our Incident Response Team to assess any risk to our users. In particular, any user that changed their password during the incident has been investigated for unusual access patterns, during and since the incident. The outcome of the investigation was that there was no unusual user behavior and no user accounts or information was compromised, and no further action was required. 

We will continue to monitor updates from Okta, and the team will take any action required if the circumstances change. 

Try more from our latest Resources

EnergySys Appoint New Directors to UK Board as Part of Growth Plan

We are delighted to announce the appointment of two new Directors to the UK board. As part of a long-term growth plan, Kirsty and Stuart will help the business develop a strong partner network and support for oil and gas businesses looking at energy transition.

Screenshot of EnergySys and Power BI dashboards

Power BI and EnergySys: Ad Hoc Reporting

A quick introduction to the navigation and layout of the EnergySys Cloud Platform, this video explores the basics of getting around the user interface, including high-level navigation, modules, and the online manuals.

Software as a Service vs On-premises: Finding the True Value of SaaS

We have a fantastic relationship with AWS, relying on their infrastructure to power the EnergySys Cloud Platform. Together we have a strong history of delivering exceptional customer success in the energy industry. We currently hold data for over 56% of the North Sea Hydrocarbons and almost 70% of Australian production.

See all