The Identity Provider Experienced a String of Embarrassing Cybersecurity Incidents
Okta announced layoffs amounting to 7% of its workforce in a restructuring that will cost 400 employees their jobs. Thursday’s disclosure is the second round of layoffs the San Francisco identity giant has undergone in the past 12 months.
In a regulatory filing, the company said the new layoffs will likely result in a $24 million tab for employee severance and extended benefits costs.
In an email broadcast to employees published by CNBC, company CEO Todd McKinnon said the cuts are necessary to run the company with “greater efficiency.”
“While we’ve taken steps in the right direction, the reality is that costs are still too high,” McKinnon said. Okta stock is up nearly 1.8% as of midday trading.
In February 2023, the company axed 300 workers, then 5% of the workforce, blaming decisions that caused it to “overhire for the macroeconomic reality we’re in today.”
The company has experienced a string of embarrassing security incidents, including a September 2023 incident in which hackers stole details for all users of its primary customer support system, including a list of customer support system usernames and contact details (see: Okta Says Hacker Stole Every Customer Support User’s Details).
In March 2022, a member of the teenager-dominated extortion group Lapsus$ gained access to Okta servers for five days through the compromised account of a third-party customer support engineer in an incident the company said had affected 2.5% of its customers.
The company in November announced a 90-day pause on product development and internal projects in a bid to beef up its security architecture. A company spokesperson did not return a request for comment on the status of the pause.
Today’s announcement of layoffs comes one day after email security vendor Proofpoint announced a reduction in force amounting to 6% of its workforce (see: Proofpoint Lays Off 6% of Workforce, Offshores Jobs). The cybersecurity market entered a period of layoffs in 2022 following uncertain economic indicators and a shift in investor demands from growth to profitability.
This round of layoffs by Okta is the fourth-largest by a pure-play cybersecurity company since the onset of the coronavirus pandemic. OneTrust let go of 950 employees in June 2022, and Rapid7 and Sophos each axed around 450 employees in 2023.
With reporting from Information Security Media Group’s Michael Novinson in Massachusetts