Lapsus$ caused a data breach at authentication specialist Okta. The data of 366 customers is at stake. Okta confirmed the incident today.

On Monday, Lapsus$ shared screenshots of an internal Okta admin account. The crime group claimed to have access to customer accounts. Today, the claim appears to be a reality. Okta CSO David Bradbury confirms that Lapsus$ hacked a subcontractor’s admin account.

Lapsus$ captured the data of up to 366 customers. That’s the number of customers the hacked account was able to access.

Slow response from Okta

On January 20, Okta detected a suspicious account. On January 21, access was blocked. The account belonged to Sitel, a subcontractor of Okta. Sitel hired a forensic investigator to analyze the damage.

Last week, Okta received the investigation report. Though the culprit wasn’t revealed, the potential damage was clear as day. Okta has been in a position to notify potential victims since receiving the report, but the organization did not do so. Okta apologizes for the slow handling of the incident.

Lapsus$’s casualty count is rising. First came Nvidia, then Samsung. Microsoft joined the ranks this week.