As long as it doesn't hurt the bottom line, these venture-capital funded companies don't care.
A large swath of the US gov't uses Okta for identify management. And the contracts must be huge.
Tying a breach like this to a loss of government assets and assigning monetary damages to the VC owners would be very difficult. There is no top-to-bottom accountability.
In the end the taxpayer is screwed by the perps via loss of identity and services, and then screwed by the gov't to try to remedy the situation. Win-win for some, lose-lose for us.