LastPass’s ‘Deficient’ Cybersecurity Caused 2022 Data Breach, Class Action Claims
Last Updated on December 12, 2022
Debt Cleanse Group Legal Services, LLC v. GoTo Technologies USA, Inc. et al
Filed: December 2, 2022 ◆§ 1:22-cv-12047
LastPass US LP and GoTo Technologies USA face a class action that claims the companies’ inadequate cybersecurity practices resulted in a data breach in August 2022.
LastPass US LP and affiliate GoTo Technologies USA face a proposed class action that claims the companies’ inadequate cybersecurity practices resulted in a data breach in August 2022, compromising customers’ financial and personal information.
The 31-page case alleges the defendants have falsely advertised that LastPass’s password management service utilizes “robust” data security procedures. Based on these promotions, the plaintiff, Debt Cleanse Group Legal Services, purchased an enterprise subscription to LastPass in 2018 so its employees could use the program to store passwords, the filing claims.
Although the service purports to offer superior data protection, the defendants employed “deficient and unreasonable” cybersecurity practices, such that an unauthorized third party infiltrated LastPass and GoTo’s shared network in August of this year, the complaint contends. Per the suit, the system contains sensitive customer data, including financial account information, names, addresses, contact information and account passwords, that has likely been copied, sold and used for criminal activity such as identity theft or fraud.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
According to the case, LastPass discovered the data breach in August and released public statements on August 25 and September 15, relaying that no customer information was under threat. However, in an “unreasonably” delayed notification published on November 30, LastPass admitted that “the criminals accessed certain elements” of customer information, the suit says. The notice also stated that consumers’ passwords were still secure, which is a report based on LastPass’s “incomplete and ongoing” investigation, the filing charges.
“Each new notice revealed that the Data Breach was worse than before, while continuing to falsely allay reasonable concerns that Customer Information was taken or the Data Breach was serious,” the case states.
The case relays that the plaintiff would not have purchased LastPass’s service had it known that the defendants would not properly safeguard their network.
The lawsuit looks to cover anyone whose customer information was accessed in the LastPass and GoTo data breach discovered in August 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.