Show all guides
Europe
GDPR

UK ICO fines LastPass £1.2 million after 2022 breach affecting 1.6 million UK users

Last update:
Dec 4, 2025

The UK Information Commissioner’s Office (ICO) fined LastPass UK Ltd £1.2 million over a 2022 security breach, which impacted around 1.6 million company users in the UK. The ICO concluded that LastPass did not have sufficiently strong technical and organizational safeguards in place. The breach exposed personal details and encrypted vaults.

The alarming irony of seeing a company that aims to protect people’s data fined for a security breach does not escape the many reports on this incident. For a company like LastPass, reputational damage from a data breach is particularly significant.

The full guidelines can be found
here

Related Guides

Irish DPC Fines Meta $101 Million

September 27, 2024

The Irish data protection commission fined Meta for storing user passwords in plain text in 2019.
Europe
GDPR

Irish High Court delays operational order to TikTok during appeal

November 12, 2025

Ireland’s High Court allowed TikTok to temporarily continue transferring EU user data to China while it appeals a €530 million GDPR fine imposed by the Irish Data Protection Commission over unlawful cross-border data transfers.
Europe
GDPR
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only