Could You Be Affected by the LastPass Data Breach?
A data breach at LastPass following a significant cyberattack in August 2022, could have exposed personal data belonging to 1.5 million individuals across the UK. If your data was compromised, you cold be due compensation.
By registering your interest, we will keep you informed when updates become available.
Please note: KP Law work on a no-win, no-fee basis. This means that you pay nothing up front and, provided you keep to your contractual obligations, even if your claim is unsuccessful, you won't pay anything. Please see further information for details.
NO FEE*
By registering your interest, we will keep you informed when updates become available.
Please note: KP Law work on a no-win, no-fee basis. This means that you pay nothing up front and, provided you keep to your contractual obligations, even if your claim is unsuccessful, you won't pay anything. Please see further information for details.
What do we know about the LastPass data breach?
The UK Information Commissioner’s Office (ICO) has fined LastPass £1.2 million after finding that security failings led to a major data breach in 2022.
The breach comprised two linked cyberattacks: a hacker first compromised an employee’s device to access encrypted credentials, then breached a senior employee’s personal device to obtain decryption keys, enabling extraction of the LastPass backup database.
This allowed the attacker to steal personal information belonging to around 1.6 million UK customers. This data included names, email addresses, phone numbers and website URLs stored in customer accounts.
LastPass uses a “zero-knowledge” system, meaning customer passwords and vault contents were not exposed. However, the personal data stored in the backup database was accessed and taken.
The ICO found that LastPass did not have strong enough security measures in place, which allowed the breach to happen.
The ICO found that LastPass did not have strong enough security measures in place, which allowed the breach to happen.