Shares of Okta Inc. were extending their sizable selloff Monday as analysts weighed in on the potential impacts of a recently disclosed data breach.
The stock was off more than 7% in Monday morning trading after shedding 11.6% Friday, when the company disclosed a security breach that occurred when hackers got access to a stolen credential and were able to see files related to some support cases.
Evercore ISI analyst Peter Levine opened a tactical underperform call on Okta shares
OKTA,
Monday in light of the latest development. The call “is rooted in our concern that these events will most likely have a [near-term] impact on OKTA’s pipelines, potentially forcing a downward revision to FY24 estimates and jeopardizing consensus estimates.”
Okta customers MGM Resorts International and Caesars Entertainment Inc. suffered breaches earlier this year, and Levine’s conversations with partners indicated that customers were trying to capitalize on those incidents by asking for discounts or prolonging the sales cycle as they “attempt to gain a clearer understanding of Okta’s involvement.”
“In Okta’s defense, the MGM & Caesars breach was purely a result of social engineering or a 3rd party entity,” he wrote. “Nevertheless, the mere presence of headlines regarding these incidents appears to be prompting customers to ask additional questions and preliminary reports from last week’s incident would indicate a delayed response from OKTA.”
See more: A stranger in your hotel room? Kitty-litter shortages? Online attacks are causing real-world effects.
Wells Fargo’s Andrew Nowinski kept an overweight rating on Okta shares, but he flagged his concerns that “this could have a negative impact on the quarter and the pipeline.”
He noted that this is the second breach for Okta in as many years, but it’s more concerning than the prior one, in his view, as it “was clearly Okta’s fault.”
“We are most concerned with the fact that Okta was unaware of the breach and did not have the internal capabilities to detect this behavior,” Nowinski wrote. “They were notified of the potential breach by a customer (Beyond Trust) and still took approximately two weeks to make a public disclosure.”
Read the full article here