LastPass fined £1.2M by ICO for data breach
2 days ago
- #ICO
- #Cybersecurity
- #Data Breach
- LastPass UK Ltd fined £1.2 million by ICO for a 2022 data breach affecting 1.6 million UK users.
- Hacker accessed LastPass's backup database via two incidents involving employee laptops and stolen credentials.
- No evidence that encrypted customer passwords were decrypted due to LastPass's 'zero knowledge' encryption system.
- Personal information compromised included customer names, emails, phone numbers, and stored website URLs.
- ICO urges businesses to review and strengthen their security measures to prevent similar breaches.
- Advice and guidance available on ICO and National Cyber Security Centre websites.