Migliaccio & Rathod is currently investigating leading password manager, LastPass, for its alleged failure to protect sensitive customer data in the wake of a massive data breach that LastPass first disclosed in August 2022. At the time, LastPass reported that a threat actor had gained unauthorized access through a single developer account to portions of LastPass’s development environment, stealing “source code and some proprietary LastPass technical information.” However, the company recently provided an update on the data breach, saying the breach was worse than originally thought, and that hackers were also able to access customer personal information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses customers used to access LastPass services. The hackers also copied a backup of customer vault data that included unencrypted data, including website usernames and passwords, secure notes, and form-filled data.
Due to the lapse in time between the data breach and LastPass’s updated notice to affected customers, hackers may have already been able to acquire customer information and fraudulently misuse it. Victims of data theft in other similar data breaches have previously been forced to spend money on credit monitoring services or otherwise resolve the negative impact of identity theft or fraud on their personal finances. Some individuals affected by the LastPass data breach may have already noticed one or more of the following types of fraudulent activity related to the loss of their personal information from LastPass systems: suspicious credit card charges, unauthorized account usage, or phishing attacks that target a user’s personal and/or business finances.
Are you a current or former LastPass user?
If so, we would like to hear from you. Please complete the contact form on this page, send us an email at [email protected], or give us a call at (202) 470-3520 for a free consultation.
The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including in cases involving data breaches. More information about our current cases and investigations is available on our blog.