LastPass UK Ltd – €1,400,000 Fine (United Kingdom, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
LastPass UK Ltd was fined £1,228,283 because they didn't protect user data well enough, leading to a cyber attack. This matters because it shows that companies must take strong security measures to keep user information safe. Small businesses should ensure they have proper security protocols in place to avoid similar penalties.
What happened
LastPass UK Ltd suffered a cyber attack due to insufficient security measures.
Who was affected
Users whose personal data was stored by LastPass UK Ltd were affected.
What the authority found
The Information Commissioner's Office found that LastPass failed to implement adequate technical and organizational measures to protect personal data.
Why this matters
This case highlights the importance of data security for all companies, especially those handling sensitive user information. It serves as a reminder for small businesses to prioritize cybersecurity to avoid costly fines.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The UK DPA has imposed a fine of £ 1,228,283 (EUR 1,400,000) on LastPass UK Ltd. The controller suffered a succesfull cyber attack due to insufficient technical and organisational measures to ensure data security.
Related Enforcement Actions (0)
No other enforcement actions found for LastPass UK Ltd in UK
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
20 November 2025
Authority
Information Commissioner's Office
Fine Amount
€1,400,000
Enforcement Tracker ID
ETid-2972
About this data
Cite as: Cookie Fines. LastPass UK Ltd - United Kingdom (2025). Retrieved from cookiefines.eu
Last updated: