January 31, 2023

To print this article, all you need to do is register or log in to Mondaq.com.

LastPass, the cloud storage system for passwords, suffered a security breach in late 2022 that caused ripples in the security world. Some elements of user data were retained, although many were encrypted. The company has downplayed the potential impact. security adviser does not. LastPass appears to be on the right track in terms of immediate disclosure and investigation, which should be a no-brainer at this point. It also had internal policies that could help limit its exposure (and any losses to users), although that remains to be seen.

Why it matters

The standard security recommendation for any business involves using multiple layers of protection to protect business assets and any information belonging to third parties such as consumers or customers. This breach illustrates why it’s important to have multiple strategies: if someone breaks in but can only take encrypted data, your losses (and your liabilities) can be reduced. There are other ways to “double down” on protection, and resources like NIST and the FBI offer comprehensive recommendations for improving your security posture. Take the opportunity to use the new year as a reset of your privacy and security practices: update everything, patch everything, review your privacy policy against your actual data practices, and give employees refresher training on phishing and other topics. Your data will thank you.

First, it’s important to understand what happened: The company said intruders gained access to its cloud database and obtained a copy of tens of millions of customers’ data vaults using credentials and keys stolen from a LastPass employee .


The content of this article is intended to provide a general guide to the topic. In relation to your specific circumstances, you should seek advice from a specialist.

POPULAR ARTICLES ABOUT: Privacy from the United States

Revised Rules of the Colorado Privacy Act

Davis+Gilbert LLP

The Colorado Attorney General’s Office released proposed revised rules for the Colorado Privacy Act (CPA) late last year.

Leave a Reply

Your email address will not be published. Required fields are marked *