LastPass Sued Over Password Vault Breach

Kamso Oguejiofor-Abugu Kamso Oguejiofor-Abugu

LastPass is facing a class action lawsuit after announcing last month that it lost its customers’ password vaults during a data breach. The lawsuit was filed by Plaintiff John Doe, who, apparently, has been using the password manager since 2016. According to the lawsuit, LastPass promised that “prior to and during the Data Breach,” it would keep all of its customers’ private information confidential, which it failed to do.

John Doe claims that LastPass’ failure to protect its users’ personal information led to the stealing of his bitcoin. “Plaintiff has suffered the damages described herein, including but not limited to, the fraudulent removal of cryptocurrency from his portfolio due to the compromise of his Private Information, and remains at a significant risk of additional attacks now that his Private Information has been stolen,” the lawsuit read.

The lawsuit goes further to explain that the plaintiff and other class members are “at increased, substantial risk of future fraud and/or misuse of their Private Information, which may take years to manifest, discover, and detect.”

LastPass, however, claims that victims of the data breach remain safe since the master passwords of the password vaults “were not among the Private Information accessed in the Data Breach.” LastPass goes further to point out that these passwords couldn’t have been accessed in the first place, because “the master password is never known to LastPass and is not stored or maintained by LastPass.”

“As long as Plaintiff’s and Class members’ Private Information is in the hands of

cybercriminals, they will remain at substantial, imminent risk of continued misuse of their

Private Information,” reads the lawsuit.

According to the lawsuit, the plaintiff and class members were given a notice that they don’t need to take any actions at the moment. However, Plaintiff and Class members are constantly at risk unless they change all of the passwords and other personal information that were exposed.

About the Author

About the Author

Kamso Oguejiofor is a former Content Writer at SafetyDetectives. He has over 2 years of experience writing and editing topics about cybersecurity, network security, fintech, and information security. He has also worked as a freelance writer for tech, health, beauty, fitness, and gaming publications, and he has experience in SEO writing, product descriptions/reviews, and news stories. When he’s not studying or writing, he likes to play basketball, work out, and binge watch anime and drama series.