UK ICO Fines LastPass Over 2022 Data Breach

Password Manager Must Pay 1.2M Pounds Akshaya Asokan (asokan_akshaya) • December 11, 2025

The British data regulator imposed a fine of 1.2 million pounds against password manager LastPass over a 2022 data breach that exposed the data of millions of its customers.

See Also: Going Beyond the Copilot Pilot - A CISO's Perspective

Unidentified hackers stole backup data from LastPass's Amazon Web Services S3 bucket. Among the exposed data were email and IP addresses of 1.6 million British accounts, as well as names and phone numbers of thousands of LastPass customers.

"LastPass customers had a right to expect the personal information they entrusted to the company would be kept safe and secure. However, the company fell short of this expectation, resulting in the proportionate fine being announced today," Information Commissioner John Edwards. The fine amounts to $1.6 million.

Analysis by Information Commissioner's Office ...