Okta, Inc. Loss Submission Form

(i) Okta had inadequate cybersecurity controls; (ii) as a result, Okta’s systems were vulnerable to data breaches; (iii) Okta ultimately did experience a data breach caused by a hacking group, which potentially affected hundreds of Okta customers; (iv) Okta initially did not disclose and subsequently downplayed the severity of the data breach; (v) all the foregoing, once revealed, was likely to have a material negative impact on Okta’s business, financial condition, and reputation; and (vi) as a result, the Company’s public statements were materially false and misleading at all relevant times.