LastPass $24.45 Million Data Security Incident Settlement
LastPass $24.45 Million Data Security Incident Settlement

If you received an email notice from LastPass about the 2022 data security incident or about this settlement, you may be eligible to claim between $25 and $900,000 from a class action settlement.

LastPass US LP has agreed to pay up to $24,450,000 to resolve a class action lawsuit that arose from a data security incident occurring between August and November 2022. The lawsuit alleged that LastPass failed to adequately protect user data, leading to the exposure of both encrypted and unencrypted backup storage data.

While LastPass denies any wrongdoing, the company has agreed to settle the claims to avoid the uncertainty and expense of further litigation.

Who can file a claim?

To be eligible for benefits from this settlement, individuals or entities must meet the following criteria:

  • Received an email notice from LastPass about the 2022 data security incident or about this settlement
  • Had a LastPass account that was allegedly compromised, extracted, copied, stolen, or otherwise exposed during the August–November 2022 incident
  • The account contained data at the time of the incident
  • Be residing in the United States, or a company/entity registered to do business in the United States

The settlement class includes:

  • Individuals with Consumer Free, Consumer Premium, Consumer Family, or Business Accounts
  • Organizations or entities registered in the US with affected LastPass accounts

If you are unsure about your eligibility, you can visit the official settlement website at www.LastPassSettlement.com, call 1-877-748-1875, or email info@LastPassSettlement.com for help.

How much are LastPass settlement payouts?

The settlement offers a several types of benefits, both monetary and non-monetary, depending on account type, residency, and losses.

  • In-Kind Relief:
    • A complimentary 6-month upgrade to a Consumer Premium Account for those who were Consumer Free Account users at the time of the incident (must be claimed)
    • Dark Web Monitoring services for all LastPass users (provided automatically)
  • Cash Benefits:
    • $25 statutory payment for eligible Consumer Premium, Consumer Family, or Business Account holders with vault content
    • Up to $300 reimbursement per claimant for documented ordinary losses fairly traceable to the incident
    • Up to $10,000 reimbursement per claimant for documented extraordinary losses caused by the incident
    • $100 CCPA statutory damages payment for eligible California residents (in addition to other benefits)
  • Crypto Pool Benefits:
    • Up to $900,000 per claimant for validated cryptocurrency losses allegedly caused by the incident,
    • Payouts are subject to a $16.25 million aggregate cap

All cash and crypto benefits are subject to pro rata distribution, which means the actual payment may be increased or decreased depending on the number of valid claims and the total costs deducted from the fund.

How are the payouts prorated?

Statutory Payments: Cash statutory payments will be made from the $8.2 million cash settlement fund. If 50,000 people claim the $25 statutory payment, the total payout would be $1,250,000. If 200,000 people claim, the payout per person would be $8,200,000 / 200,000 = $41, but since there are other types of claims and costs, the actual amount per claimant may be less after deducting fees and other expenses.

Crypto Pool Payments: Validated claims for cryptocurrency losses can be reimbursed up to the total cap of $16,250,000 for all such claims. If, for example, there is $13 million left after costs for valid crypto claims and the total approved crypto claims equals $20 million, the proration factor is $13,000,000 / $20,000,000 = 0.65. So:

  • An approved $100,000 crypto claim would pay about $65,000
  • An approved $900,000 crypto claim would pay about $585,000

How to claim a LasPass payout

To receive a payout and benefits, class members must submit a claim form. Claims can be filed online using the online claim form or by mailing a completed PDF claim form to the settlement administrator.

Settlement administrator's mailing address: LastPass Data Security Incident Litigation Settlement Administrator, P.O. Box 2230, Portland, OR 97208-2230

Claims must be submitted online or postmarked by July 2, 2026. To file online, you will need the Unique ID and PIN provided in your email notice. If you did not receive or lost your notice, contact the settlement administrator at 1-877-748-1875.

For mail-in claims, fill out, sign, and date the claim form and mail it with any required documentation to the settlement administrator.

Required documentation

Claimants must provide documentation for certain types of claims:

  • Ordinary and extraordinary loss claims: submit receipts, invoices, bank or credit card statements, or other documents showing actual, unreimbursed losses related to the incident.
  • CCPA statutory damages: California residents must attest to residency at the time of the incident and that certain types of information were stored in their LastPass vault.

For cryptocurrency loss claims, documentation must be submitted online and are subject to additional screening:

  • Tier 1 claimants: those whose compromised wallet private keys/seed phrases are confirmed as having been stored in the backup copy of their vaults
  • Tier 2 claimants: those who cannot recall their master password to open the backup copy of their vaults. Additional forms of proof are required to verify:
    • Compromised wallet private keys/seed phrases were actually stored in the claimant's LastPass vaults at the time of the incident
    • Where within the LastPass vault did the claimant store the impacted private key/seed phrase (e.g., Secure Note or within the notes section of a credential for a website, etc.)

Tier 1 claimants will have their claims processed by a Special Master until all claims are processed. Tier 2 claimants will have their claims processed only after all Tier 1 claimants are finalized.

Step-by-step instructions

Follow these steps to submit a claim:

  1. Gather your Unique ID and PIN from your email notice. If you do not have these, contact the settlement administrator at 1-877-748-1875.
  2. Collect all supporting documentation for your claim (receipts, statements, etc.).
  3. Go to the online claim form or download the PDF claim form.
  4. Complete all required fields, including name, address, account type, and claim details.
  5. Select your desired benefit(s) and upload or attach supporting documentation.
  6. Submit the form online or mail it to the settlement administrator at LastPass Data Security Incident Litigation Settlement Administrator, P.O. Box 2230, Portland, OR 97208-2230.
  7. Keep your confirmation code or mailing receipt for your records.

What are the LastPass Settlement payout options?

Claimants can choose how to receive their payment:

  • Physical check
  • Electronic payment (requires a valid email address)

How will the settlement funds be distributed?

The $8.2 million non-reversionary settlement fund will cover:

  • Settlement administration costs: To be determined
  • Attorneys' fees: Up to $2,870,000 (35% of the settlement fund)
  • Service awards to class representatives: Up to $140,000 ($10,000 to each of the 14 class representatives)
  • Statutory Payments to class members: Remainder of the fund after above fees and costs

The Crypto Pool fund of up to $16.25 million will cover:

  • Special Master administration costs: To be determined
  • Attorneys' fees: Up to $5,687,500 (35% of valid cryptocurrency claims)
  • Crypto Pool Payments to class members: Prorated amount of the fund depending on the number of valid claims submitted

Important dates

  • Deadline to file a claim: July 2, 2026
  • Deadline to exclude yourself: June 2, 2026
  • Final approval hearing: July 14, 2026

When is the LastPass Settlement payout date?

Payout dates differ between the regular cash settlement fund and the Crypto Pool fund. The court will hold a final approval hearing on July 14, 2026, to determine whether to approve the settlement.

Non-reversionary settlement fund payments

Regular cash settlement fund payments will be made, at the earliest, in September or October of 2026.

Let's assume there are no deficiencies, like appeals or objections, and the final approval order is entered 7 days after the hearing:

  • Final approval hearing: July 14, 2026
  • Final approval order entered: July 21, 2026 (assumed)
  • 30-day appeal window expires: August 20, 2026
  • Effective Date: August 21, 2026
  • Settlement fund cash payments deadline: October 5, 2026 (within 45 days of effective date)

Crypto Pool payments

Crypto Pool payments have a slower and less fixed timeline. The court may schedule another hearing after the final approval hearing to approve Crypto Pool payments.

Crypto Pool payments will be made, at the earliest, around March 2027.

Using the same assumptions as above:

  • Effective Date: Aug. 21, 2026
  • Special Master claimant-list deadline: December 21, 2026 (4 months later)
  • Administrator final-invoice deadline: January 21, 2027 (+30 days)
  • Crypto Pool funding deadline: February 20, 2027   (+30 days)
  • Crypto disbursement deadline: March 17, 2027 (+30 days)

Sources

  1. Settlement agreement
  2. Settlement website FAQ page
  3. Claim form
  4. Long form notice
  5. Cryptocurrency Theft Claims Process
Settlement Open for Claims
Award:
$25 - $900,000
Deadline:
July 2, 2026
SUBMIT CLAIM