Published on: January 11, 2023
LastPass is facing a class action lawsuit after announcing last month that it lost its customers’ password vaults during a data breach. The lawsuit was filed by Plaintiff John Doe, who, apparently, has been using the password manager since 2016. According to the lawsuit, LastPass promised that “prior to and during the Data Breach,” it would keep all of its customers’ private information confidential, which it failed to do.
John Doe claims that LastPass’ failure to protect its users’ personal information led to the stealing of his bitcoin. “Plaintiff has suffered the damages described herein, including but not limited to, the fraudulent removal of cryptocurrency from his portfolio due to the compromise of his Private Information, and remains at a significant risk of additional attacks now that his Private Information has been stolen,” the lawsuit read.
The lawsuit goes further to explain that the plaintiff and other class members are “at increased, substantial risk of future fraud and/or misuse of their Private Information, which may take years to manifest, discover, and detect.”
LastPass, however, claims that victims of the data breach remain safe since the master passwords of the password vaults “were not among the Private Information accessed in the Data Breach.” LastPass goes further to point out that these passwords couldn’t have been accessed in the first place, because “the master password is never known to LastPass and is not stored or maintained by LastPass.”
“As long as Plaintiff’s and Class members’ Private Information is in the hands of
cybercriminals, they will remain at substantial, imminent risk of continued misuse of their
Private Information,” reads the lawsuit.
According to the lawsuit, the plaintiff and class members were given a notice that they don’t need to take any actions at the moment. However, Plaintiff and Class members are constantly at risk unless they change all of the passwords and other personal information that were exposed.