Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

UK Information Commissioner's Office Imposed a £1.2m ($1.6m) fine on LastPass on Creates regulatory and financial consequences for inadequate security controls

Regulatory/Legal Action
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

UK ICO fined LastPass £1.2m ($1.6m) for security failings linked to a 2022 data breach, putting a regulatory cost on controls that left personal data exposed. The penalty follows findings that an estimated 1.6 million users were affected. The case underscores how weaknesses in technical and security measures can trigger enforcement even when passwords themselves were not decrypted. It also raises the stakes for providers handling sensitive authentication and identity data.

Related Happenings

ICO fine against South Staffordshire Water for data breach

Regulatory/Legal Action
First: 12.05.2026 11:30 Last: 12.05.2026 11:30 Sources 1

About this happening: The **ICO** finalized a **nearly £1m** penalty against **South Staffordshire Water** and **South Staffordshire PLC**, resolving a cyber enforcement action tied to a breach that ex...

Open Happening

LastPass customer password vault backups exposed

Data Leak
First: 05.01.2026 11:30 Last: 05.01.2026 11:30 Sources 1

About this happening: The **2022 LastPass data leak** exposed backups of about **30 million customer password vaults**, leaving more than **25 million users** with a **long-tail risk** of offline crack...

Open Happening

Escalating account takeover fraud losses across online account holders since January 2025

Target Trend
First: 26.11.2025 16:15 Last: 26.11.2025 16:15 Sources 1

About this happening: **Account takeover (ATO)** fraud losses have climbed to **more than $262m** **since January 2025**, signaling a sustained and costly fraud pattern against online account holders....

Open Happening

FBI IC3 public warning on account takeover fraud

Public Sector Action
First: 25.11.2025 19:23 Last: 25.11.2025 19:23 Sources 1

About this happening: The **FBI** issued an **IC3 public service announcement** warning that **account takeover (ATO) fraud** has caused **over $262 million** in reported losses since **January 2025**....

Open Happening

Noah Michael Urban sentencing in Scattered Spider case

Law Enforcement
First: 21.08.2025 04:47 Last: 21.08.2025 04:47 Sources 1

About this happening: **Noah Michael Urban** was **sentenced to 10 years** in federal prison in the **Scattered Spider** cybercrime case and ordered to pay **about $13 million** in restitution. The pun...

Open Happening

Timeline

  1. 12.12.2025 11:10 2 articles · 5mo ago

    ICO fines LastPass £1.2m after 2022 breach

    Legal Policy Action Update

    The UK Information Commissioner’s Office fined LastPass £1.2m ($1.6m) after finding that the password management provider failed to put sufficiently robust technical and security measures in place for a 2022 data breach that affected an estimated 1.6 million users and exposed customer names, emails, phone numbers, and stored website URLs. The regulator said there was no indication that customer passwords were decrypted, but the breach still led to enforcement over the handling of personal information.

    Show sources
    Open in new tab