United Kingdom
LastPass UK Ltd
1,400,000 €
GDPR enforcement action by Information Commissioner (ICO) on 2025-11-20.
Rank · Sector
#30
of 597 in Industry and Commerce
Rank · United Kingdom
#13
of 28
Rank · All fines
#147
of 3,050
Case details
- Authority
- Information Commissioner (ICO)
- Date
- 2025-11-20
- Controller / Processor
- LastPass UK Ltd
- Sector
- Industry and Commerce
- Quoted Articles
- Art. 5 (1) f) UK GDPR, Art. 32 (1) UK GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The UK DPA has imposed a fine of £ 1,228,283 (EUR 1,400,000) on LastPass UK Ltd. The controller suffered a succesfull cyber attack due to insufficient technical and organisational measures to ensure data security.
Open original source
Links to the regulator's original publication or another source.
Related fines
United Kingdom
2020-10-16
22,046,000 €
ETid-58
British Airways
Transportation and Energy
United Kingdom
2020-10-30
20,450,000 €
ETid-60
Marriott International, Inc
Accomodation and Hospitality
United Kingdom
2026-02-23
16,610,000 €
ETid-3074
Reddit, Inc.
Media, Telecoms and Broadcasting
United Kingdom
2023-04-04
14,500,000 €
ETid-1730
TikTok
Media, Telecoms and Broadcasting
United Kingdom
2025-10-15
9,180,000 €
ETid-2898
CAPITA PLC
Industry and Commerce
United Kingdom
2022-05-18
9,000,000 €
ETid-1190
Clearview Al Inc.
Industry and Commerce