Okta (OKTA -8.6%) shares have plunged after the digital identity authentication firm confirmed on Tuesday a security breach caused by a hacking group known as Lapsus$.

The data breach happened in January, but was revealed by hackers this week. As many as 366 Okta customers are reported to have been affected by the attack. More than 15,000 businesses and institutions use Okta's software worldwide to manage access to their networks and applications. Okta has contacted the potentially affected customers.

According to a WSJ report, the breach originated from the laptop of a customer support engineer employed by Miami-based subcontractor Sitel Group. The hackers had access to the laptop between January 16 and 21, Okta said.

The company noted that taking control of the computer effectively gave the hackers the same level of access as the engineer. Support engineers have access to limited data and cannot see the passwords themselves, create or delete user accounts, download customer databases or access source code repositories.

Separately, Okta was downgraded by Raymond James to market perform from strong buy, citing a "continually disconnected CIAM go-to-market strategy (i.e. still separate reps for Auth0/Okta, no communication to incent channel cross-sell, no evidence of improved technology/integration [...]) While partners were willing to trust Okta's track record, the handling of its latest security incident adds to our mounting concerns."

A day earlier Truist analyst Joel Fishbein cut his rating on Okta to hold from buy, saying that it will take time to assess the "damage" to the identity-management technology company's brand after CEO Todd McKinnon disclosed the breach.