A tech firm is settling with users affected by a cybersecurity incident that exposed sensitive customer information including encrypted password data.
According to court-authorized settlement documents, LastPass US has agreed to a proposed class action settlement over a data breach that occurred between August 2022 and November 2022 and impacted users of its password management service.
LastPass has agreed to provide cash benefits from an $8.2 million settlement fund, including reimbursement of up to $10,000 per claim for documented extraordinary losses linked to the incident. Furthermore, users may be eligible for smaller payments for ordinary losses or statutory damages depending on eligibility and documentation.
The settlement notice states that the fund will provide “reimbursement up to $10,000 per claimant for documented extraordinary losses caused by the Incident,” with payments potentially adjusted depending on the total number of valid claims.
According to the class action complaint, LastPass allegedly failed to implement adequate security measures to protect user data, and the breach exposed information such as names, billing addresses, email addresses and customer vault data.
In addition to monetary compensation, the settlement includes benefits such as credit and identity monitoring services for affected users. Claim forms must be submitted by July 2, 2026, and a final approval hearing is scheduled for July 14, 2026.