Yes, claim submissions are open for the $24.45 million LastPass data breach settlement, and eligible affected users can file claims online at www.LastPassSettlement.com or by mail through July 2, 2026. If you had a LastPass account that was compromised in the August-November 2022 breach and experienced documented losses—whether that’s unauthorized charges, cryptocurrency theft, or identity theft recovery costs—you may be eligible for compensation ranging from $25 to $900,000 depending on the type and amount of loss you can verify. This settlement resolves a major data security incident that exposed encrypted and unencrypted backup data from millions of password manager users, and this article covers how to determine if you qualify, what evidence you need to gather, how to submit a claim, and what the timeline looks like as this settlement moves toward final court approval.
Table of Contents
- What Was the LastPass Data Breach and Who Does the Settlement Cover?
- How Much Money Is Available and How Are Claims Categorized?
- What Types of Losses Qualify for Compensation?
- How to File Your Claim: Step-by-Step Process
- What You Need to Know About Documentation Requirements
- Timeline and What Happens After You File
- The Broader Implications for Password Manager Users
- Conclusion
What Was the LastPass Data Breach and Who Does the Settlement Cover?
LastPass experienced a significant data breach between August and November 2022, during which attackers gained unauthorized access to customer account information stored in both encrypted and unencrypted backup vaults. The breach affected LastPass users globally, including U.S. residents, businesses registered in the U.S., and Canadian residents. The company discovered the incident during their investigation into unusual activity and disclosed the scope over several weeks as they determined what information had been exposed.
While LastPass uses encryption for password vault contents, the breach compromised enough information that many users faced follow-up fraudulent charges, identity theft, and other financial harms. To be eligible for the settlement, you must have been a LastPass customer—either individual or business—whose account was affected during the breach window and, depending on the type of claim, may need to document specific losses. U.S. residents and businesses can claim through the main settlement, while Canadian residents have a separate but concurrent settlement offering compensation up to $500 Canadian dollars.
How Much Money Is Available and How Are Claims Categorized?
The total settlement fund is $24.45 million, divided into two distinct categories: $8.2 million for general ordinary claims and $16.25 million specifically allocated for claims involving documented cryptocurrency losses. This structure reflects the reality that some victims of the breach experienced particularly severe losses when attackers gained access to cryptocurrency holdings or wallet information stored in password managers. For example, a user who had a hardware wallet passphrase stored in their LastPass vault and subsequently lost $50,000 in digital assets would have a claim pathway specifically designed to address crypto-related losses, separate from someone whose claim involves identity theft monitoring costs or fraudulent credit card charges.
Individual claim awards typically range from $25 to $900,000, though the actual payout depends on documented losses and the number of valid claims received. Higher awards go to claimants with substantial verified losses and clear evidence of harm. However, if claim submissions dramatically exceed the available settlement fund, payments may be reduced proportionally—meaning if twice as many valid claims arrive as the fund can fully cover at the claimed amounts, each approved claim might receive 50 percent of its awarded value. This is a common feature of large settlements and represents why it’s important to file before the deadline rather than wait to see what others claim.
What Types of Losses Qualify for Compensation?
The settlement recognizes several categories of legitimate losses stemming from the breach. Ordinary loss claims cover direct financial harms such as unauthorized charges to credit or debit cards, identity theft-related expenses, credit monitoring fees, costs to recover compromised cryptocurrency, and expenses for credit freezes or fraud resolution services. These claims require documentation—receipts, invoices, bank statements, credit card billing statements showing disputed charges, or proof of services purchased like credit monitoring enrollment. If you incurred $300 in fraudulent charges on a credit card after the breach and can show those charges were unauthorized and the breach exposed your payment information, that $300 becomes a documentable loss. The cryptocurrency loss category exists because several LastPass users stored cryptocurrency recovery phrases, private keys, or wallet passphrases within their password managers.
When the breach exposed this information, attackers could access and drain these digital assets. Crypto claims require proof that the wallet or exchange account was accessed after the breach date and that funds were moved or stolen. Documentation might include blockchain transaction records, exchange account activity logs showing unauthorized transfers, and bank records reflecting the original value at the time of loss. A user who lost $15,000 in Bitcoin after an attacker discovered their wallet seed phrase in the compromised LastPass vault can claim this documented loss separately from ordinary claims.
How to File Your Claim: Step-by-Step Process
Filing a claim requires access to your settlement notice, which contains a Unique ID and PIN required to log into the claims portal. The official website, www.LastPassSettlement.com, hosts the claims submission system where you can file online. The process involves verifying your identity using the credentials from your settlement notice, selecting the type of loss(es) you experienced, describing the incident, and uploading supporting documentation. For example, someone claiming $450 in fraudulent charges would upload credit card statements showing those transactions were unauthorized, and if the claim includes identity theft services purchased after the breach, they’d add invoices from the credit monitoring company or proof of payment. Alternatively, you can call the Settlement Administrator at 1-877-748-1875 for assistance, or mail a completed claim form to: LastPass Data Security Incident Litigation Settlement Administrator, P.O.
Box 2230, Portland, OR 97208-2230. The critical deadline for all claims is July 2, 2026 at 11:59 p.m. Eastern Time for online submissions, or the date the form is received by mail if filing by post. This deadline is firm, and claims arriving after this time are typically rejected. If you’re still gathering documentation or uncertain whether you have sufficient proof of loss, the earlier you start, the more time you have to locate old bank statements or contact service providers for proof of payments.
What You Need to Know About Documentation Requirements
The key barrier to claim approval is documentation. LastPass and the settlement administrator will not award money based on your word alone that you suffered losses—they require tangible proof. If you claim you lost cryptocurrency, you need blockchain evidence or exchange records showing the unauthorized transfer. If you’re claiming identity theft expenses, you need the actual bills from credit monitoring services or receipts for credit report freezes. If you’re claiming fraudulent charges, you need bank or credit card statements clearly showing the disputed transaction, the date it posted, and confirmation that you reported it as unauthorized.
However, not every type of loss requires expensive documentation. Someone who paid a $20 annual fee for credit monitoring after the breach can typically provide the charge confirmation from their bank and a statement from the monitoring service explaining why they enrolled—this is usually sufficient. The difficulty arises with older claims where you may have deleted email confirmations or no longer have statements. In these cases, some victims have successfully requested statement copies from financial institutions or contacted vendors to request duplicate documentation of historical charges. Keep in mind that the claims window is tight—you have until July 2, 2026—so if you’re missing documentation, consider reaching out to your credit card company, bank, or service providers now rather than waiting until June when response times may be slower.
Timeline and What Happens After You File
After you submit your claim, the settlement process continues on a defined schedule. The final hearing for court approval of the settlement is scheduled for July 14, 2026—just 12 days after the claims deadline. This means the judge will review the settlement terms and any final objections right around mid-July.
Assuming the court approves the settlement (which is not guaranteed, though initial nods from the court have been positive), claim review typically begins. The Settlement Administrator will examine submitted claims to verify eligibility and that documentation supports the claimed loss amount. This review process can take weeks or even months depending on the volume of claims received and the complexity of individual claims. Claimants may receive settlement checks by fall 2026 or early 2027, depending on how quickly claims are adjudicated and approved.
The Broader Implications for Password Manager Users
The LastPass settlement represents one of the largest data breach settlements in the password manager industry, and it sends a message about corporate accountability for security failures. However, it also highlights why choosing a password manager requires weighing security practices, not just convenience.
Some password managers have had security reviews and disclosure policies that differ from LastPass’s handling of the 2022 incident. For users considering whether to remain with LastPass or switch, the company has since implemented additional security measures, including zero-knowledge architecture improvements and enhanced encryption. The settlement itself is not an admission of negligence in a legal sense, but it does acknowledge that victims of the breach experienced real financial harm that warranted compensation.
Conclusion
The LastPass data breach settlement provides a meaningful opportunity for affected users to recover documented losses, with the claims process now open and lasting until July 2, 2026. To maximize your chances of approval and compensation, begin gathering documentation immediately—bank statements, credit card records, invoices from services you purchased, cryptocurrency transaction records if applicable—and file your claim well before the deadline rather than waiting until the last days when technical issues or overwhelming volume could cause problems.
Visit www.LastPassSettlement.com to log in with your settlement notice credentials and file online, or call 1-877-748-1875 for help navigating the process. The settlement fund of $24.45 million is divided between general claims and cryptocurrency-specific losses, so evaluate whether your claim falls into one or both categories and ensure you upload all available evidence of your losses. With final court approval hearing scheduled for mid-July and claim review to follow, the next few months are the critical window for taking action.