Description
On March 22nd 2022, Okta identity management platform reported data breach by digital extortion group Lapsus$, and the incident occurred in January 2022
Affected Products and Patch Information
MetricStream as an organization does not use Okta products or services in its environment. Vendors or suppliers who have access to our environment either do not use Okta, or there is no impact on the MetricStream environment.
Summary
MetricStream is not impacted by Okta's "Lapsus$" security Incident, and MetricStream did not receive any notification from Okta about the incident.
MetricStream continuously monitors updates on the threat vector and reevaluates risk accordingly; updates to this notice if required, will be posted on the Trust Site.
Advisory
March 29, 2022
For customers using MetricStream CLOUD
Infrastructure Layer - Multi-Factor Authentication is configured to access the MetricStream production environment, and the network is monitored for suspicious activities.
Application Layer - MetricStream product supports Okta integration. Customers who configured the MetricStream application to use Okta integration are recommended to perform an impact assessment. It is the customer’s responsibility to notify the application users if there is an incident.
For customers using ON-PREM solution
Customers should perform impact assessments on their infrastructure and application layers.
