LastPass hammered with £1.2M fine for 2022 breach fiasco

The UK's Information Commissioner's Office (ICO) says LastPass must cough up £1.2 million ($1.6 million) after its two-part 2022 data breach compromised information from up to 1.6 million UK users.

Information Commissioner John Edwards said: "Password managers are a safe and effective tool for businesses and the public to manage their numerous login details and we continue to encourage their use. However, as is clear from this incident, businesses offering these services should ensure that system access and use is restricted to ensure risks of attack are significantly reduced.

"LastPass customers had a right to expect the personal information they entrusted to the company would be kept safe and secure. However, the company fell short of this expectation, resulting in the proportionate fine being announced today."

Edwards also stated that all UK businesses should be aware of the fine and take their own steps to ...