They cant get away with "oh shiz we screwed up", this is the essential part of their business. If you're unable to perform the fundamental service you are offering, it's indefensible. Okta having a security breach is like a pizza shop owner who's unable to make a pizza.
Not sure if it's reasonable to expect perfect security, people are fallible so that position won't make you very happy. We'll all get hacked, question is if we make it easy for them to gather private information which in this case didn't seem to have happened. The fact that it wasn't, probably is due to it being "the essential part of their business".
