LastPass has agreed to a nearly $25 million settlement to resolve a class-action lawsuit stemming from a 2022 data breach that exposed sensitive user and cryptocurrency vault information.

Key Points

• Affected users can file claims for ordinary losses up to $300 and extraordinary losses up to $10,000 from an $8.2 million settlement fund.
• A separate $16.25 million fund is available specifically for users who suffered documented cryptocurrency losses, with potential payouts reaching $900,000.
• Eligible claimants must file their submissions by the July 2, 2026, deadline using the unique identifier and PIN provided in official settlement emails.
• California residents may be eligible for an additional $100 payment under the California Consumer Privacy Act.
• Non-monetary relief includes complimentary dark web monitoring for all users and six months of premium service for those who were free users during the breach.

Why it Matters

This settlement highlights the significant financial and legal risks companies face when failing to secure sensitive user data and encrypted password vaults. It provides a structured path for victims to recover losses while underscoring the importance of robust cybersecurity practices for platforms managing critical personal information.