Date: 2026-02-04

The U.K. Information Commissioner's Office only fined LastPass £1.2 million (or about $1.6 million) for the breach. That's a pretty measly amount in the grand scheme of things, though: less than a dollar for each of the 1.6 million people actually impacted by the breach in the U.K. alone.

Worse for LastPass, the intrusion was actually two incidents. In the first, a hacker gained access to a LastPass employee's corporate laptop and entered the company's development environment that way. No personal user data was taken at that point, though. That changed during the second incident, when the attacker targeted a senior employee through a known weakness in a third-party streaming service. The hacker used malware to capture the employee's password, bypass multifactor authentication, and finally reach the backup database. While it may not have done much good in this case, it's always a good idea to pay attention to the signs that your computer could be infected with malware.

Security experts said this incident wasn't the result of one single catastrophic failure, but rather a combination of security lapses that ultimately let a hacker gain access to the LastPass backup database. But that excuse doesn't really help LastPass's case all that much. After all, systemic flaws aren't something you can just undo in a day, a week, a month, or even a year. Fixing them practically demands an overhaul from the ground up. And with this happening back in 2022 (and fines only coming through in December 2025), it makes you wonder how much work has actually been done to better secure things since.