LastPass Data Breach Settlement: Up to 24.45 Million to Claim Losses
The LastPass Data Breach Settlement: Up to 24.45 Million to Claim Losses settlement offers $24.45M in total, with individual payouts of $25 to $900K to eligible claimants who received an email notice from lastpass regarding the 2022 data security incident or the settlement. The deadline to file is July 2, 2026. Proof of purchase is required.
Deadline: July 2, 2026
Total amount allocated for all claims
Estimated amount per eligible claim
Claimants must submit a claim form online or by mail and provide documentation depending on the benefit type. For ordinary and extraordinary losses, provide receipts, invoices, and bank/credit card statements or other proof of actual, unreimbursed losses tied to the incident. For CCPA statutory damages, California residents must attest to residency at the time of the incident and that covered information was stored in their LastPass vault. For cryptocurrency-loss claims, proof is subject to screening: Tier 1 requires confirmation that the compromised wallet private keys/seed phrases were stored in the backup copy of the claimant’s vault; Tier 2 requires additional verification when the claimant cannot recall the master password, including evidence that the impacted private key/seed phrase was stored in the vault and where (e.g., Secure Note or notes section of a credential). Claimants use the Unique ID and PIN from the notice for the online submission.
Settlement Summary
In 2022, password-management company LastPass disclosed a data security incident that occurred between August and November 2022, raising alarms about whether user data was adequately protected. The settlement notice explains that the lawsuit alleged LastPass failed to safeguard information involved in the breach, including both encrypted and unencrypted backup storage data—an issue that matters because password managers can store highly sensitive “vault” contents such as credentials, secure notes, and sometimes cryptocurrency-related recovery data. LastPass denies wrongdoing, but agreed to pay up to $24.45 million to resolve the claims, offering eligible users a way to seek recovery while avoiding the uncertainty and expense of continued litigation. The lawsuit was filed to pursue compensation and accountability under privacy and consumer-protection theories, including claims tied to California privacy law (CCPA), and to reimburse certain losses that could be traced to the incident—ranging from ordinary expenses (like security-related costs) to more substantial cryptocurrency losses. The settlement’s significance is also in how it structures relief: it includes automatic dark-web monitoring for users, a small “statutory” cash payment for certain account holders, potential reimbursement for documented losses, and a separate cryptocurrency “pool” (with validation tiers and pro rata reductions if claims exceed the available funds). Broader implications are clear across the industry: password managers and other security-sensitive tech companies face increasing pressure after breaches, and they must navigate regulations and expectations shaped by laws like the FTC Act (unfair or deceptive practices), state privacy laws such as the CCPA/CPRA, and evolving cybersecurity “reasonable security” standards—making this case a prominent example of how data breach litigation can translate into structured settlement benefits for affected users.
Entities Involved
Related Topics
Eligibility Requirements
- Received an email notice from LastPass regarding the 2022 data security incident or the settlement
- Had a LastPass account that was allegedly compromised/extracted/copied/stolen or otherwise exposed during the August–November 2022 incident
- The account contained data at the time of the incident
- Was a U.S. resident or a company/entity registered to do business in the United States
- For certain benefits, the account type qualifies (Consumer Free, Consumer Premium, Consumer Family, or Business Accounts)
- For cryptocurrency-loss benefits, the claim must be validated and supported by required proof (Tier 1 or Tier 2 requirements)
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.
Related Settlements
Anne Arundel Dermatology Data Breach Settlement $2.4 Million for Patient Info Security Claims
Anne Arundel Dermatology P.A. agreed to pay a $2.4 million settlement to resolve allegations that a data breach exposed patients’ personal and health information. The incident occurred between Feb. 14, 2025, and May 13, 2025. Eligible class members are people in the U.S. who provided or whose information the clinic collected, received, or possessed on or before Dec. 9, 2025.
Absolute Dental Group $3.3 Million Settlement for 2025 Data Breach Losses
Absolute Dental Group LLC agreed to pay a $3.3 million class action settlement over a potential 2025 data breach affecting consumers’ personal information. The incident occurred between Feb. 19, 2025 and March 5, 2025, when unauthorized access may have exposed data. Eligible U.S. residents who received notice from Absolute Dental about the incident may claim up to $5,000 for documented losses and may also receive a pro rata cash payment, with certain California residents eligible for an enhanced amount.
Travelers PIP Settlement for New Jersey Claims Up to 70 or More for Deductible Reductions
A class action settlement totaling at least the net settlement fund (with attorneys’ fees up to $275,000 and service awards of $7,500) resolves allegations that Travelers and St. Paul improperly reduced New Jersey PIP coverage limits by counting deductibles and copayments, causing some insureds to receive less than the PIP benefits available. Eligible policyholders (and certain heirs/representatives) who received final PIP payments between April 14, 2017 and April 1, 2023 that were within $3,000 of their policy limit—but not the full limit—may receive an automatic $70 and possibly additional compensation.
MUBI $1.6 Million Settlement for California Auto-Renewal Without Notice
California subscribers of the MUBI streaming service may be eligible for a $1.6 million class action settlement over alleged auto-renewal charges without adequate notice or proper consent. The claims cover sign-ups beginning April 1, 2021 and auto-renewals occurring through May 31, 2025, as described in Cesar Cejudo v. MUBI, Inc. To be eligible, claimants must have been California residents whose subscription renewed at least once and who did not receive a full refund of renewal charges.