×

Description

On March 22nd 2022, Okta identity management platform reported data breach by digital extortion group Lapsus$, and the incident occurred in January 2022


Affected Products and Patch Information

MetricStream as an organization does not use Okta products or services in its environment. Vendors or suppliers who have access to our environment either do not use Okta, or there is no impact on the MetricStream environment.


Summary

MetricStream is not impacted by Okta's "Lapsus$" security Incident, and MetricStream did not receive any notification from Okta about the incident.

MetricStream continuously monitors updates on the threat vector and reevaluates risk accordingly; updates to this notice if required, will be posted on the Trust Site.


Advisory

March 29, 2022

For customers using MetricStream CLOUD

Infrastructure Layer - Multi-Factor Authentication is configured to access the MetricStream production environment, and the network is monitored for suspicious activities.

Application Layer - MetricStream product supports Okta integration. Customers who configured the MetricStream application to use Okta integration are recommended to perform an impact assessment. It is the customer’s responsibility to notify the application users if there is an incident.

For customers using ON-PREM solution

Customers should perform impact assessments on their infrastructure and application layers.


References

Blogs

Okta investigating reports of possible digital breach

Okta Says It Goofed in Handling the Lapsus$ Attack

Ready to get started?

Speak to our experts