LastPass hit with class-action lawsuit over hack

Former LastPass customer says $53,000 in bitcoin was stolen from him as a result of password manager's data breach

LastPass is facing a class-action lawsuit filed by a former customer who says a hacker stole tens of thousands in Bitcoin from him as a result of one of the password manager's multiple data breaches last year.

The complaint filed in the U.S. District Court of Massachusetts accuses LastPass of failing to "exercise reasonable care in securing and safeguarding highly sensitive consumer data in connection with a massive, months-long data breach that began in August" and impacted "potentially millions" of customers.

LastPass hack

Password manager LastPass suffered multiple data breaches last year. (Leon Neal/Getty Images / Getty Images)

LastPass acknowledged in late August last year that "an unauthorized party gained access to portions" of its network through a developer's compromised account, and determined at the time that no customer data or encrypted password vaults were accessed by the hacker.

The company then admitted a second breach in late November, saying someone used information accessed in the August hack to "gain access to certain elements of our customers' information." LastPass insisted users' passwords remained safely encrypted at that time.

INDIANA AG: THIS IS WHY THERE SHOULD BE ‘ZERO’ TIKTOK USERS TOMORROW MORNING

But the unnamed plaintiff claims in the suit filed Tuesday that around Thanksgiving weekend of 2022, roughly $53,000 worth of bitcoin was stolen from him by someone who used the private keys he had stored on LastPass for accessing the cryptocurrency.

hackers on computer

A former LastPass customer claims a hacker stole roughly $53,000 worth of bitcoin from him due to a data breach suffered by the password management firm. (iStock / iStock)

The lawsuit is asking that LastPass be forced to disclose specifically all the types of private information that were compromised during the breach and, among other things, to pay compensatory damages and restitution for failing to keep customers' data secure.

META FINED NEARLY $414M OVER PRIVACY VIOLATIONS BY EU REGULATORS

LastPass did not immediately respond to FOX Business' request for a response to the suit.

LastPass data breach

LastPass suffered multiple security breaches in 2022. (Photo Illustration by Mateusz Slodkowski/SOPA Images/LightRocket via Getty Images / Getty Images)

In the company's latest blog update on Dec. 22 regarding the security incidents, LastPass CEO Karim Toubba acknowledged that a "threat actor" had copied a backup of customer vault data that included "fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-milled data."

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Toubba emphasized in the post last month that "these encrypted fields remain secured."