LastPass: LastPass Gets Initial Nod for $24.5 Million Data Breach Deal

LastPass Reaches $24.5 Million Settlement Over 2022 Data Breach

LastPass, a leading password-security provider, has received preliminary approval from a U.S. federal court to settle a proposed class-action lawsuit stemming from a 2022 data breach. The breach exposed the personal information of millions of users and led to the theft of cryptocurrency from affected accounts.

Under the terms of the settlement, LastPass will establish an $8.2 million fund to compensate class members for losses incurred due to the breach. An additional $16.3 million will be allocated for further victim compensation, bringing the total settlement to nearly $24.5 million. The agreement was filed in the U.S. District Court for the District of Massachusetts.

The breach, which occurred in 2022, compromised sensitive user data, including encrypted password vaults, and was linked to subsequent financial fraud targeting cryptocurrency holdings. The settlement aims to resolve claims from impacted individuals while avoiding prolonged litigation.

The case underscores the growing financial and reputational risks companies face following major cybersecurity incidents, particularly those involving sensitive financial or personal data.

Source: https://news.bloomberglaw.com/privacy-and-data-security/lastpass-gets-initial-nod-for-24-5-million-data-breach-deal

LastPass cybersecurity rating report: https://www.rankiteo.com/company/lastpass

"id": "LAS1770196017",
"linkid": "lastpass",
"type": "Breach",
"date": "1/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Millions of users',
                        'industry': 'Password-Security Provider',
                        'location': 'U.S.',
                        'name': 'LastPass',
                        'type': 'Company'}],
 'data_breach': {'data_encryption': 'Encrypted password vaults',
                 'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Encrypted password vaults',
                                              'Personal information']},
 'date_detected': '2022',
 'date_publicly_disclosed': '2022',
 'description': 'LastPass, a leading password-security provider, has received '
                'preliminary approval from a U.S. federal court to settle a '
                'proposed class-action lawsuit stemming from a 2022 data '
                'breach. The breach exposed the personal information of '
                'millions of users and led to the theft of cryptocurrency from '
                'affected accounts.',
 'impact': {'brand_reputation_impact': 'Growing financial and reputational '
                                       'risks',
            'data_compromised': 'Encrypted password vaults, personal '
                                'information',
            'financial_loss': '$24.5 million settlement',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Class-action lawsuit settlement'},
 'investigation_status': 'Settlement approved',
 'lessons_learned': 'Growing financial and reputational risks companies face '
                    'following major cybersecurity incidents, particularly '
                    'those involving sensitive financial or personal data.',
 'motivation': 'Financial Gain',
 'references': [{'source': 'U.S. District Court for the District of '
                           'Massachusetts'}],
 'regulatory_compliance': {'legal_actions': 'Class-action lawsuit'},
 'title': 'LastPass 2022 Data Breach Settlement',
 'type': 'Data Breach'}