LastPass Coughs Up $8.2M After 2022 Breach—Your Vault Wasn't So Vault-Like After All

LastPass US has agreed to an $8.2 million settlement with users affected by a cybersecurity incident that exposed sensitive customer information including encrypted password data. The breach occurred between August 2022 and November 2022, impacting users of the password management service. Because nothing says "trust me with your digital life" quite like getting rekt by hackers while you were busy actually securing your accounts.

Class action settlement documents reveal affected users could receive up to $10,000 per claim for documented extraordinary losses linked to the incident. Smaller payments are also available for ordinary losses or statutory damages, depending on eligibility and documentation. For those keeping score at home, that's roughly the price of a decent used car or about 0.02 BTC at current prices—comforting, right?

The settlement notice states the fund will provide "reimbursement up to $10,000 per claimant for documented extraordinary losses caused by the Incident," with payments potentially adjusted based on the total number of valid claims. Translation: if too many people actually got rugged by this, everyone's payout gets diluted faster than a DAO token dump.

According to the class action complaint, LastPass allegedly failed to implement adequate security measures to protect user data. The breach exposed information including names, billing addresses, email addresses, and customer vault data. Imagine paying for a premium password manager only to have your "secure" vault turned into a public library of credentials. Ouch.

Beyond monetary compensation, the settlement includes credit and identity monitoring services for affected users. Nothing says "we messed up but here's a free year of LifeLock" quite like a breach that exposed the digital keys to your entire online existence. At least they're throwing in some monitoring to watch your identity float away in real-time.

Claim forms must be submitted by July 2, 2026, with a final approval hearing scheduled for July 14, 2026. That's roughly 18 months of waiting around to see if you'll get enough to cover your therapy bills after watching your password hygiene crumble in real-time. Set those reminders, degens.