Settling a LastPass Data Breach Could Result in a Large Payout.
If you were a LastPass user affected by a major security breach in 2022, you may be eligible for a monetary settlement—possibly a very large one. The company compensates those affected by user data breaches, and some may receive five-figure sums.
What happened in the LastPass data breach?
In 2022, LastPass experienced two major cybersecurity incidents, resulting in attackers gaining access to users’ password vaults containing both encrypted and unencrypted data, including usernames, passwords, secure notes, form entries, and website URLs. Security researchers later discovered that the hackers had successfully cracked some of the users’ master passwords and stolen millions of dollars in cryptocurrency .
Consumers subsequently sued LastPass, and the company eventually agreed to an $8.2 million settlement late last year.
Am I eligible for compensation for the LastPass data breach?
If you are a US resident and had a LastPass account at the time of the data breach, you are likely part of a class of individuals covered by the settlement agreement . You may have received an email about the 2022 incident or a notice of the settlement agreement. Class members are eligible for compensation based on the level of their account and the amount of damages they may have suffered.
How much can I get in a LastPass dispute settlement?
Any LastPass user who had a Premium, Family, or Business account at the time of the data breach is eligible for a $25 payment. (Free users are only eligible for a six-month Premium subscription.) If you’re a California resident, you’re eligible for an additional $100, regardless of your account type.
Users who have suffered documented losses due to a data breach are eligible for additional benefits. These include compensation of up to $300 for credit monitoring, identity protection, identity recovery, darknet monitoring, security, medical or mental health services, and up to $10,000 to cover expenses related to identity theft and fraud. Cryptocurrency-related losses may also be compensated for up to $90,000 per claimant.
Finally, LastPass automatically adds dark web monitoring services for users affected by a data breach who still have active accounts.
What do I need to do to receive a payout under my LastPass agreement?
To receive a payout, eligible users must submit a claim by 11:59 PM ET on July 2, 2026. Claims can be submitted online through the dispute resolution portal . You will need to provide the unique ID and PIN from the settlement notice, as well as verify certain information about your LastPass account. If you are claiming additional compensation for your losses, you will also need to upload supporting documents, such as receipts, invoices, bank statements, or copies of correspondence.
If you believe you are covered by the settlement agreement but have not received (or cannot locate) the notice, you can call the administrator at 1-877-748-1875. Final approval of the agreement is expected on July 14, 2026, and additional time may be required for processing and payment of compensation.