in Newswire Published on December 6, 2022

LastPass’s ‘Deficient’ Cybersecurity Caused 2022 Data Breach, Class Action Claims

by Kelly Mehorter

Last Updated on December 12, 2022

View Comments

Debt Cleanse Group Legal Services, LLC v. GoTo Technologies USA, Inc. et al

Filed: December 2, 2022 § 1:22-cv-12047

Read Complaint

LastPass US LP and GoTo Technologies USA face a class action that claims the companies’ inadequate cybersecurity practices resulted in a data breach in August 2022.

Defendant(s)

GoTo Technologies USA, Inc. LastPass US LP

Law(s)

State(s)

Massachusetts

Categories

Privacy Data Breach

LastPass US LP and affiliate GoTo Technologies USA face a proposed class action that claims the companies’ inadequate cybersecurity practices resulted in a data breach in August 2022, compromising customers’ financial and personal information.

The 31-page case alleges the defendants have falsely advertised that LastPass’s password management service utilizes “robust” data security procedures. Based on these promotions, the plaintiff, Debt Cleanse Group Legal Services, purchased an enterprise subscription to LastPass in 2018 so its employees could use the program to store passwords, the filing claims.

Although the service purports to offer superior data protection, the defendants employed “deficient and unreasonable” cybersecurity practices, such that an unauthorized third party infiltrated LastPass and GoTo’s shared network in August of this year, the complaint contends. Per the suit, the system contains sensitive customer data, including financial account information, names, addresses, contact information and account passwords, that has likely been copied, sold and used for criminal activity such as identity theft or fraud.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

According to the case, LastPass discovered the data breach in August and released public statements on August 25 and September 15, relaying that no customer information was under threat. However, in an “unreasonably” delayed notification published on November 30, LastPass admitted that “the criminals accessed certain elements” of customer information, the suit says. The notice also stated that consumers’ passwords were still secure, which is a report based on LastPass’s “incomplete and ongoing” investigation, the filing charges.

“Each new notice revealed that the Data Breach was worse than before, while continuing to falsely allay reasonable concerns that Customer Information was taken or the Data Breach was serious,” the case states.

The case relays that the plaintiff would not have purchased LastPass’s service had it known that the defendants would not properly safeguard their network.

The lawsuit looks to cover anyone whose customer information was accessed in the LastPass and GoTo data breach discovered in August 2022.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Hair Relaxer Lawsuits

Women who developed ovarian or uterine cancer after using hair relaxers such as Dark & Lovely and Motions may now have an opportunity to take legal action.

Read more here: Hair Relaxer Cancer Lawsuits

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on December 12, 2022 — 11:17 AM

Kelly Mehorter

kelly@classaction.org

Kelly works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.