On 21 March 2022 Lucid was made aware of a security incident involving Okta. Lucid is taking the claim seriously and has taken the following steps to verify that there has not been a compromise of Lucid’s Okta account or any systems that are connected to it. We do not use Okta for customer accounts; customers do not need to take any action unless they themselves use Okta.

Additionally in a recent update Okta indicated they had already contacted all customers who may have been impacted. Lucid has not been notified.

What Steps We've Taken

1. Evaluated logs for indicators of compromise including exports of data and anomalous activity. 

2. Verified system configurations for internal tools and confirmed that it is not possible to access critical information in those systems via Okta. 

3. Confirmed that remote Okta Support access was disabled prior to Okta’s security incident.

Conclusion

After thorough examinations Lucid has not found any strange or anomalous behavior with its Okta account or any related or connected services. Lucid will continue to monitor the situation and will take any additional required actions as more information becomes available.