LastPass $24.45 Million Data Security Incident Settlement
LastPass $24.45 Million Data Security Incident Settlement

Individuals who received an email notice from LastPass about a 2022 data security incident may be eligible to claim a cash payment from a class action settlement.

LastPass US LP agreed to pay up to $24,450,000 to resolve a class action lawsuit related to a data security incident that occurred between August and November 2022. The lawsuit alleged LastPass failed to adequately protect user data, leading to the exposure of both encrypted and unencrypted backup storage data.

Who can file a claim?

To be eligible for benefits from this settlement, individuals or entities must meet the following criteria:

  • They received an email notice from LastPass about the 2022 data security incident or the settlement.
  • The data breach allegedly compromised, extracted, copied, stole or otherwise exposed their LastPass account.
  • The account contained data at the time of the incident.
  • They reside in the United States or are a company/entity registered to do business in the United States.

The settlement class includes:

  • Individuals with consumer free, consumer premium, consumer family or business accounts
  • Organizations or entities registered in the United States with affected LastPass accounts

How much are LastPass settlement payouts?

The settlement offers several types of benefits depending on account type, residency and losses:

  • In-kind relief:
    • For consumer free account users at the time of the incident, a complimentary six-month upgrade to a consumer premium account (must submit a claim form)
    • For all class members, dark web monitoring services (provided automatically)
  • Cash benefits:
    • For eligible consumer premium, consumer family or business account holders with vault content, a $25 statutory payment
    • For documented ordinary losses fairly traceable to the incident, up to $300 reimbursement per claimant
    • For documented extraordinary losses the incident caused, up to $10,000 reimbursement per claimant
    • For eligible California residents, a $100 CCPA statutory damages payment
  • Crypto pool benefits:
    • For validated cryptocurrency losses the incident allegedly caused, up to $900,000 per claimant
    • Payouts are subject to a $16.25 million aggregate cap

All cash and crypto benefits are subject to pro rata distribution, which means the settlement administrator may increase or decrease the actual payment depending on the number of valid claims and the total costs it deducts from the fund.

How to claim a LastPass payout

To receive a payout and benefits, class members must submit an online claim form or print and complete the PDF claim form to mail to the settlement administrator.

Settlement administrator's mailing address: LastPass Data Security Incident Litigation Settlement Administrator, P.O. Box 2230, Portland, OR 97208-2230

Class members must submit claims online or postmark them by July 2, 2026.

Required documentation

Claimants must provide documentation for certain types of claims:

  • For ordinary and extraordinary loss claims, class members must submit receipts, invoices, bank or credit card statements or other documents showing actual, unreimbursed losses related to the incident.
  • For CCPA statutory damages claims, California residents must attest to residency at the time of the incident and that their LastPass vault stored certain types of information.

For cryptocurrency loss claims, class members must submit documentation online. These claimants are subject to additional screening.

  • Tier 1 claimants are those whom LastPass confirms stored compromised wallet private keys/seed phrases in the backup copy of their vaults.
  • Tier 2 claimants are those who cannot recall their master password to open the backup copy of their vaults. These claimants must submit additional forms of proof to verify:
    • The claimant's LastPass vaults actually stored their compromised wallet private keys/seed phrases at the time of the incident.
    • Where within the LastPass vault the claimant stored the impacted private key/seed phrase (e.g., secure note or within the notes section of a credential for a website, etc.)

A special master will process all crypotcurrency claims. The master will process all Tier 1 claims before moving to Tier 2.

To file an online claim, class members must provide the unique ID and PIN from the email notice they received. Those who did not receive or lost their notice should contact the settlement administrator at 1-877-748-1875.

Step-by-step claim instructions

Follow these steps to submit a claim:

  1. Locate the unique ID and PIN from the email notice. Class members who do not have these should contact the settlement administrator at 1-877-748-1875.
  2. Collect all supporting documentation for the claim (receipts, statements, etc.).
  3. Go to the online claim form or download the PDF claim form.
  4. Complete all required fields, including name, address, account type and claim details.
  5. Select the desired benefit(s) and upload or attach supporting documentation.
  6. Submit the form online or mail it to the settlement administrator at LastPass Data Security Incident Litigation Settlement Administrator, P.O. Box 2230, Portland, OR 97208-2230.
  7. Keep the confirmation code or mailing receipt as proof of submission.

What are the LastPass settlement payout options?

  • Physical check
  • Electronic payment (requires a valid email address)

Settlement fund breakdown

The $8.2 million non-reversionary settlement fund will cover:

  • Settlement administration costs: To be determined
  • Attorneys' fees: Up to $2,870,000
  • Service awards to class representatives: Up to $140,000 ($10,000 to each of the 14 class representatives)
  • Statutory payments to class members: Remainder of the fund

The crypto pool fund of up to $16.25 million will cover:

  • Special master administration costs: To be determined
  • Attorneys' fees: Up to $5,687,500
  • Crypto pool payments to class members: Prorated amount of the fund depending on the number of valid claims submitted

Important dates

  • Deadline for exclusion: June 2, 2026
  • Deadline to file a claim: July 2, 2026
  • Final approval hearing: July 14, 2026

When is the LastPass Settlement payout date?

Payout dates differ between the regular cash settlement fund and the crypto pool fund.

Non-reversionary settlement fund payments

The settlement administrator will issue regular cash settlement fund payments in September or October of 2026 at the earliest.

Crypto pool payments

Crypto pool payments have a slower and less fixed timeline. The court may schedule another hearing after the final approval hearing to approve crypto pool payments.

The settlement administrator will issue crypto pool payments around March 2027 at the earliest.

Sources

  1. Settlement agreement
  2. Settlement website FAQ page
  3. Claim form
  4. Long form notice
  5. Cryptocurrency theft claims process
Settlement Open for Claims
Award:
Varies
Deadline:
July 2, 2026
SUBMIT CLAIM