LastPass UK Ltd was fined £1.2 million by the ICO after a 2022 data breach exposed the personal information of 1.6 million UK customers. Despite the company's use of zero-knowledge encryption, the breach highlighted vulnerabilities in employee device security and system safeguards.
Key points
- The 2022 data breach at LastPass involved unauthorized access via compromised employee devices.
- Hackers exploited a known vulnerability and used keylogger malware to obtain the master password.
- Encrypted passwords were protected; however, personal data such as names and contact details were exposed.
- The ICO fined LastPass UK Ltd for failing to implement strong security measures to prevent the breach.
- The incident underscores the importance of restricting system access and securing employees’ personal devices.
Read More: https://thecyberexpress.com/ico-fines-lastpass-uk-for-data-breach/