Otka verify service management company is continuing the recovery process of a data breach that has been ongoing since October. Otka is the two-factor authentication platform used by Saint Anselm College for many applications, including Canvas and college email accounts. Further research into the hack has shown a far larger security breach than previously detected by the company.
According to Chief Information Officer Steve Mcdevitt, there is no easily understandable explanation that would be understood by most users. “The technical terrain in which these attacks occur is very complex. The attack vectors and actors use very sophisticated technical approaches, social engineering, and human behaviors to attempt to obtain unauthorized access to systems,” McDevitt said. “This issue with Okta was not a technical failure, but a social engineering / human failure on the part of Okta and their internal customer support procedures”
Upon further investigation done within the company, Otka disclosed that the breach had resulted in the theft of all commercial users’ names and email addresses. The information was released through a filing with the US Securities and Exchange Commission. However, Otka says that no data of its federal users has been compromised because it is stored in a separate server.
As the main cyber security outlet for the college, it is noteworthy that the company has suffered such a serious breach. “The college uses Okta as one facet of our system security and access control. At this point we have no plan to change to another provider,” McDevitt said. The college recently began two-factor authentication for email accounts last month through Otka Verification.
This is not the first time Otka has been breached. In March 2022, the company suffered a hack that affected a reported 300 users. However, the company claimed that the hack was quickly resolved and affected a much smaller number of users. Regardless, Otka has still suffered two breaches in less than two years, a concerning statistic for a cyber security company.
Despite the breach, the college has no plans to pivot away from Otka Verification. Otka says that work to secure the breach is a priority and ongoing.