$8.2M LastPass Data Breach Settlement, Are You Owed Money for the 2022 Hack? Claim It before July 2, 2026

LastPass US LP agreed to pay up to $24,450,000 to settle a class action lawsuit stemming from a 2022 cyberattack that exposed millions of users’ encrypted password vaults, private keys, and personal data. The settlement breaks into two parts: an $8,200,000 cash fund for general losses and a separate $16,250,000 crypto pool for users whose cryptocurrency was stolen using private keys stored in LastPass. If you had a LastPass account in 2022, you may qualify for cash, crypto reimbursement, free credit monitoring, or a premium account upgrade. The claim deadline is July 2, 2026.

Quick Facts

Field	Detail
Settlement Amount	$8,200,000 (general fund) + $16,250,000 (crypto pool) = $24,450,000 total
Claim Deadline	July 2, 2026
Who Qualifies	U.S. residents and businesses with LastPass accounts whose data was compromised between August–November 2022
Payout Options	$25 flat (no proof); up to $300 ordinary losses; up to $10,000 extraordinary losses; up to $900,000 crypto losses; $100 extra for California residents
Proof Required	No — for $25 flat payment. Yes — for loss and crypto claims
Settlement Status	Preliminarily Approved — Open for Claims
Administrator	Epiq Global / LastPass Settlement Administrator
Official Website	lastpasssettlement.com
Administrator Phone	1-877-748-1875
Final Approval Hearing	July 14, 2026 at 2:30 p.m. — Boston, MA

Where Things Stand Right Now

• The $8.2 million LastPass class action settlement received preliminary approval from the court on February 2, 2026 and the official claim portal is now live at lastpasssettlement.com.
• The opt-out and objection deadlines are both June 2, 2026 — act before that date if you want to preserve your right to sue LastPass independently.
• The court will hold a Final Approval Hearing on July 14, 2026, at 2:30 p.m. before the Honorable Patti B. Saris, Senior District Court Judge for the United States District Court for the District of Massachusetts.

What Happened in the 2022 LastPass Breach?

LastPass is one of the most widely used password managers in the world — a service people trust with every login they have, from email and banking to crypto wallets and healthcare accounts. In 2022, that trust was broken.

Between August and November 2022, an attacker infiltrated LastPass’s backup servers and stole both encrypted and unencrypted data. Some affected users later reported losses from cryptocurrency wallets, and millions of dollars in stolen cryptocurrency have been attributed to the leak.

The class action alleged that LastPass failed to prevent an unauthorized actor from exfiltrating reams of source code and technical information, which was later used to steal credentials and keys to the company’s cloud-based storage service. What made the breach especially serious is what attackers walked away with — not just email addresses, but the actual encrypted vaults containing every password, secure note, and private key that users had stored inside LastPass.

Related article: $19M Village of Old Westbury Loses Religious Discrimination Case Over Chabad Synagogue

Even though the vaults were encrypted, attackers could attempt to crack them offline using brute force methods, especially for users with weak master passwords. For users who stored cryptocurrency wallet private keys or seed phrases in LastPass, the breach had direct financial consequences — with some individuals losing life-changing amounts of money.

LastPass has chosen to settle the case while admitting no misconduct. A representative stated: “While we continue to deny the alleged claims, we have agreed to a settlement to avoid the ongoing distraction and uncertainty of protracted litigation.”

Who Qualifies to File a Claim?

The settlement covers all natural United States residents, as well as all companies, entities, and organizations registered to do business in the U.S., whose LastPass accounts may have been compromised, extracted, copied, stolen, or otherwise exposed as a result of the 2022 LastPass data breach, and whose account actively contained data at the time of the incident.

You may qualify if you meet the following:

• You may qualify if you received an email notice from LastPass about the 2022 data security incident in November or December 2022, or received a notice about this settlement.
• You may qualify if you had an active LastPass account between August and November 2022 that contained stored data — passwords, secure notes, credit cards, or other vault contents.
• You may qualify if you were a free, premium, family, or business LastPass account holder at the time of the breach.
• You may qualify if you stored cryptocurrency private keys or seed phrases in your LastPass vault and subsequently lost funds tied to those keys.
• You may qualify if you are a California resident who had a LastPass account at the time — you are eligible for an additional $100 payment under the California Consumer Privacy Act (CCPA).

If you did not receive an email notice or have lost yours, contact the settlement administrator at 1-877-748-1875 for assistance — they can look you up using the email address associated with your LastPass account.

How Much Can You Receive?

The settlement offers five distinct benefit tiers. You can also combine some of them.

$25 Flat Statutory Payment — No Proof Required

For eligible consumer premium, consumer family, or business account holders with vault content, a $25 statutory payment is available. This requires no documentation — just confirmation of your account type and that your vault contained data at the time of the breach. Free account users do not qualify for the $25 payment but can still claim other benefits.

Up to $300 — Ordinary Losses (Documentation Required)

For documented ordinary losses fairly traceable to the incident, up to $300 reimbursement per claimant is available. This covers out-of-pocket expenses such as credit monitoring services you paid for, fees to freeze or unfreeze your credit, identity theft insurance premiums, or other direct costs you incurred as a result of the breach.

Up to $10,000 — Extraordinary Losses (Documentation Required)

Per court documents, LastPass class members who submit documented proof of extraordinary losses are eligible to receive a one-time cash payment of up to $10,000. This covers severe, documented harms directly traceable to the breach — such as identity theft losses, fraudulent financial account activity, or significant professional fees paid to resolve breach-related damage. Extraordinary losses must not have already been reimbursed by another source.

Up to $900,000 — Cryptocurrency Losses (Special Review Process)

This is the most significant — and most complex — tier. Cryptocurrency losses from the $16.25 million crypto pool are available up to $900,000 per claimant for verified cryptocurrency stolen as a result of compromised private keys stored in LastPass vaults. These claimants are subject to additional screening — Tier 1 claimants are those whom LastPass confirms stored compromised wallet private keys or seed phrases in the backup copy of their vaults.

Important crypto claim warning: Do not include seed phrases, private keys, or your LastPass master password during your online submission. If you request crypto pool benefits, the settlement administrator or Special Master will contact you through a secure portal for any additional steps. Any email asking for your master password outside of that verified secure portal is a scam — not part of the legitimate settlement process.

$100 Extra — California Residents Only

California residents can claim an additional $100 payment under the CCPA. This requires attestation of residency at the time of the incident and that your LastPass vault stored certain types of information. This payment stacks on top of any other cash tier you qualify for.

Free Benefits for All Class Members

Settlement class members who currently have a LastPass account are automatically eligible to receive LastPass Dark Web Monitoring services, which include 24/7 monitoring, immediate alerts, and proactive cybersecurity protection. Former free-tier users who submit a claim form also receive a complimentary six-month upgrade to a Consumer Premium account.

How to File Your Claim Right Now

Step 1 — Locate the email notice LastPass sent you about the 2022 breach or this settlement. It contains your Unique ID (10-character alphanumeric code) and PIN (4-digit number). You need both to log in and file. If you did not receive an email notice or have lost yours, contact the settlement administrator at 1-877-748-1875 for assistance.

Step 2 — Go to lastpasssettlement.com and click “Start Your Claim.” Log in using your Unique ID and PIN.

Step 3 — Confirm your LastPass account type as of August–November 2022 (free, premium, family, or business) and confirm your vault contained data at the time of the breach.

Step 4 — Select your benefit option: $25 flat payment, ordinary loss reimbursement, extraordinary loss reimbursement, and/or crypto pool benefits. California residents should also elect the $100 CCPA payment.

Step 5 — Upload your supporting documentation if claiming losses. For ordinary and extraordinary loss claims, submit receipts, invoices, bank or credit card statements, or other documents showing actual unreimbursed losses related to the incident. Files must be under 20MB each and in standard formats (PDF, JPG, DOCX, etc.).

Step 6 — Submit your claim and save your confirmation email and code. If you are filing a crypto claim, do not submit any private keys or seed phrases in this form — the Special Master will contact you through a separate secure portal.

Step 7 — If mailing a paper claim instead: send your completed form to LastPass Data Security Incident Litigation Settlement Administrator, P.O. Box 2230, Portland, OR 97208-2230. It must be postmarked by July 2, 2026.

Estimated time to complete: Under 5 minutes for the flat $25 payment. 15–30 minutes for documented loss claims depending on documentation.

When Will You Get Paid?

The settlement administrator will begin distributing cash payments approximately 45 days after the settlement becomes final. The final approval hearing is scheduled for July 14, 2026, so the earliest cash payouts are expected around September–October 2026. Cryptocurrency claim payments will follow a separate timeline and are expected around March 2027 due to the additional verification process required.

Important Deadlines

Milestone	Date
Breach Period	August 2022 – November 2022
Preliminary Approval Granted	February 2, 2026
Claims Portal Opens	Now — live at lastpasssettlement.com
Opt-Out Deadline	June 2, 2026
Objection Deadline	June 2, 2026
Claim Filing Deadline	July 2, 2026 (11:59 p.m. ET for online; postmarked by July 2 for mail)
Final Approval Hearing	July 14, 2026 at 2:30 p.m. — Boston, MA
Expected Cash Payment Date	September–October 2026 (estimated)
Expected Crypto Payment Date	March 2027 (estimated)

Frequently Asked Questions

Do I need a lawyer to file a claim?

 No. The claim process at lastpasssettlement.com is designed for users to handle on their own. The $25 flat payment takes under five minutes. If you are filing a cryptocurrency loss claim exceeding $100,000 or suffered extraordinary financial harm, consulting a consumer protection attorney before filing may be worth your time.

Is this settlement legitimate? I got an email about it — is it a scam?

 The claim filing deadline is July 2, 2026, with legitimate settlement emails coming from [email protected] containing unique identifiers and PINs. The official website is lastpasssettlement.com and the administrator phone number is 1-877-748-1875. Never respond to any email asking for your LastPass master password, seed phrases, or private keys outside the official secure portal — those are scams.

When will I receive my payment? 

Cash payments are expected to be distributed around September–October 2026, approximately 45 days after the court grants final approval on July 14, 2026. Crypto pool payments require additional verification and are expected around March 2027.

What if I missed the claim deadline?

 The deadline is July 2, 2026 — it has not passed yet. If you miss it, you lose your right to any cash or crypto payment from this settlement. You will still be bound by the settlement and give up your right to sue LastPass separately unless you opt out before June 2, 2026.

Will this settlement payment affect my taxes?

 Payments classified as reimbursement for actual documented losses are generally not taxable. Flat statutory payments may be treated as taxable income. For cryptocurrency-related payments specifically, consult a tax professional — crypto settlements can have complex tax treatment depending on how the IRS classifies the payment.

I stored my crypto private keys in LastPass and lost funds. What do I do? 

File a claim at lastpasssettlement.com and select the crypto pool benefits option. The Special Master assigned to this case will contact you through a secure portal to collect the documentation needed to verify your losses. Do not include your seed phrases, private keys, or master password in your initial online claim form.

I had a free LastPass account. Can I still file? 

Yes, but your options are more limited. Free account users do not qualify for the $25 flat statutory payment, but they can still claim ordinary losses up to $300, extraordinary losses up to $10,000, crypto pool benefits if applicable, and a free six-month upgrade to Consumer Premium. All class members also receive Dark Web Monitoring automatically.

Can I opt out and sue LastPass on my own?

 Yes. If you want to preserve your right to bring your own lawsuit against LastPass over this breach, you must mail a written opt-out request to the settlement administrator, postmarked no later than June 2, 2026, at: LastPass Data Security Incident Litigation Settlement Administrator, P.O. Box 2230, Portland, OR 97208-2230. You cannot exclude yourself online, by telephone, or by email.

Sources & References

1. Official Settlement Website — lastpasssettlement.com
2. Official Settlement FAQ — lastpasssettlement.com/Home/FAQ

Last Updated: April 9, 2026

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.