LastPass’ data breach allegedly resulted in the theft of around $53,000 worth of Bitcoin.
LastPass said on Dec. 25 that hackers had intercepted copied information, including cloud storage access keys, company name, username, billing address, Email addresses, phone numbers, and IP addresses. The company was also sued for allegedly stealing $53,000 worth of Bitcoin in the attack in August.
Class Action Filed Against LastPass
LastPass data breach led to the theft of $53,000 in Bitcoin, aggrieved parties filed a class action lawsuit against the company.
The class action was filed in US Massachusetts district court on January 3, by an anonymous plaintiff known simply as “John Doe” and on behalf of others in a similar situation.
The plaintiff claimed that he started accumulating BTC in July 2022 and updated his master password to more than 12 characters using a password generator as recommended by LastPass “best practices”. When news of the data breach emerged, the plaintiff deleted his private information from the customer vault. LastPass was hacked in August 2022, and the attacker stole encrypted passwords and other data, according to a December statement from the company.
Despite swift action to delete the data, it proved too late for the plaintiff. In the petition it was stated:
“However, on or around Thanksgiving weekend of 2022, the plaintiff’s Bitcoin was stolen using private keys that he had stored with the defendant (LastPass). The LastPass Data Breach, through no fault of its own, has exposed the plaintiff to continued risk and theft of his Bitcoin.”
LastPass is charged with negligence, breach of contract, unjust enrichment, and breach of fiduciary duty, but the figure claimed as compensation was not specified.