Data breach reported by Suffolk County computer security vendor

A computer security application that Suffolk County installed last year to protect its systems in the wake of a 2022 cyberattack has itself been the subject of a data breach, leading Suffolk this week to alert its computer administrators to potential new attacks.

In an email obtained by Newsday, Suffolk’s computer team notified administrators across its network that a breach last month of computer security company Okta could result in attempts by hackers to gain access to systems protected by the measures.

Okta makes a security product known as a multi-factor authentication which verifies the identity of users requiring a unique security code sent to a cellphone or email system outside the primary work address.

A copy of an email sent to IT administrators in Suffolk on Wednesday noted that Okta “just revealed” that a “threat actor ran and downloaded a report that contained the names and email addresses of all Okta customer support system users.”

It notes that every administrator that has “ever been created for our Okta tenant is present in this report.”

For Suffolk and other customers, the breach means there is a “possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks.” Such attacks lure computer users into exposing sign-in or password information by appearing to come from legitimate sources.

Suffolk alerted its administrators to “ensure that all” have multi-factor authentication enrolled and activated to “protect not only the customer support system, but also to secure access to their Okta admin console.”

“I just wanted to let you know so you can be vigilant…