LastPass Data Security Incident Litigation
Potential cash payment for the 2022 LastPass data breach and related losses.
Description
In 2022, LastPass suffered data security incidents in which attackers copied customers' encrypted password vaults, personal information, and — for some users — data used to access cryptocurrency. LastPass US LP agreed to a $24.45 million settlement: an $8.2 million cash fund plus a separate $16.25 million pool for cryptocurrency-theft losses. Eligible account holders can claim a $25 base payment with no proof, up to $10,000 for documented losses, an extra $100 for California residents, and up to $900,000 for validated cryptocurrency losses.
Who qualifies
- Eligible: U.S. residents (and U.S.-registered businesses) whose LastPass account was compromised in the 2022 LastPass data security incident and contained data at the time.
- Submit your claim by 2026-07-02 (online by 11:59 p.m. ET, or mailed and received by that date).
- Base payment: $25 statutory cash payment — no proof of loss required.
- California residents: an additional $100 CCPA statutory payment.
- Documented losses: up to $300 for ordinary losses and up to $10,000 for extraordinary losses (documentation required).
- Cryptocurrency losses: up to $900,000 for validated crypto stolen via keys stored in LastPass (documentation and verification required).
- Exclusion/objection deadline: 2026-06-02. Final approval hearing: 2026-07-14.
Payout is not a law firm and does not provide legal advice. Settlement information is for general informational purposes only. Eligibility, legal representation, and any payment amount are determined by the settlement administrator, court, or participating law firm and are not guaranteed.