LastPass Data Breach Settlement: Payout Status 2026

At a glance
- Status
- Pending final approval
- Defendant
- LastPass US LP
- Settlement fund
- $8,200,000
- Claim deadline
- July 2, 2026
- No-proof cash option
- Yes — $25 flat Statutory Payment (no documentation, requires active Consumer Premium/Family/Business account with vault content at time of incident) OR, in lieu of it, documented Ordinary/Extraordinary Loss Relief; CA residents may additionally claim $100 CCPA Statutory Damages, or up to up to $300 Ordinary Loss Relief + up to $10,000 Extraordinary Loss Relief (documented, general fund); separately, cryptocurrency losses reimbursed up to $900,000 per individual claimant, subject to an aggregate $16,250,000 Crypto Pool cap, adjudicated by a court-appointed Special Master (Bruce A. Friedman, Esq.) and itself subject to a further pro rata reduction after Special Master/expert fees
- Max documented payout
- $300
- Official site
- www.lastpasssettlement.com
- Court
- United States District Court for the District of Massachusetts (Hon. Patti B. Saris)
- Case number
- 1:22-cv-12047-PBS, No. 1:22-cv-12047-PBS
Last verified July 16, 2026
Key dates
| Milestone | Date | What it means |
|---|---|---|
| Claim deadline | July 2, 2026(passed) | Last day to file for a payment |
| Opt-out (exclusion) deadline | June 2, 2026(passed) | Last day to leave the settlement and keep the right to sue |
| Objection deadline | June 2, 2026(passed) | Last day to object to the terms |
| Final approval hearing | July 14, 2026(passed) | When the judge decides whether to approve the settlement |
| Expected payout | Not yet scheduled | Payments are not sent until after final approval and any appeals |
Where to file
The only place to file is the official settlement website:
Verify on the official sitewww.lastpasssettlement.com
Filing is free. No legitimate settlement charges a fee to file a claim.
You cannot file on RecordingLaw.com. We are an independent publisher, not the settlement administrator, and we are not affiliated with any court, agency, or defendant.
What Happened
LastPass, the password manager, disclosed in 2022 that intruders had breached its systems and ultimately copied data from cloud-based backup storage, including many customers' encrypted vaults. That vault data is the reason this breach worries people more than a typical breach does: a LastPass vault can hold saved website passwords, and for some users, secrets like cryptocurrency wallet seed phrases or private keys.
Plaintiffs in the resulting lawsuits allege that some class members later had cryptocurrency stolen after their encrypted vaults were cracked using information taken in the 2022 incident. That is an allegation, not a proven fact for every class member, but it is the reason this settlement has an entire separate payment track just for crypto losses.
The consolidated case, In re LastPass Data Security Incident Litigation, case number 1:22-cv-12047-PBS, is before Judge Patti B. Saris in the U.S. District Court for the District of Massachusetts. Fourteen named plaintiffs represent the class. LastPass has not admitted wrongdoing; it agreed to settle to resolve the claims.
The settlement site does not state an exact number of people in the class. If you are unsure whether you are covered, the class definition is broad on paper but specific in practice: it turns on whether LastPass has records showing your account was allegedly compromised and had vault content stored at the time, not on whether you personally noticed anything unusual.
Where the Settlement Stands Right Now, and Why You Have Not Been Paid
As of July 16, 2026, this settlement is pending final approval. It has not been paid out, and it is not finished.

The court held the final approval hearing on July 14, 2026, where Judge Saris heard arguments on whether the settlement is fair and should be approved. As of this writing, two days later, the court has not entered a final approval order. A hearing being held is not the same as a ruling; judges routinely take a settlement under advisement and issue a written order days or weeks after the hearing, sometimes longer.
The claim deadline, July 2, 2026, has already passed, so the settlement is not accepting new claims regardless of what happens with final approval next. If you filed by that date, your claim is in the queue. If you did not, there is currently no way to submit one.
No payment date has been set, and none can be set until a final approval order exists. This page will not guess one.
It is also worth separating two other dates that are easy to confuse. The deadline to opt out of the settlement, and the deadline to object to it, both fell on June 2, 2026, and both have also passed. Opting out means leaving the class to keep your own right to sue separately, but it also means giving up any payment from this fund. Objecting means staying in the class while telling the court the deal is unfair. Those were choices for before the final approval hearing; neither one is still available now, and neither is the same thing as filing a claim.
The Fund Is Two Separate Pools, Not One Number
You may see this settlement described elsewhere as a flat $24.45 million fund. That is not quite right, and the difference matters for what you can realistically expect.
There are two separate pools. The first is an $8.2 million cash fund. It pays the flat $25 no-documentation payment, documented ordinary and extraordinary loss claims, and the additional $100 available to California residents.
The second is a Crypto Pool, capped at $16.25 million. Unlike the cash fund, this is not a pot of money sitting ready to be divided; it is a ceiling. It pays only cryptocurrency-loss claims that a court-appointed Special Master, Bruce A. Friedman, Esq., individually reviews and validates, then pays pro rata if validated claims add up to more than the cap allows. The $24.45 million total is only reached if every dollar of both pools is actually paid out, which is not guaranteed for either one.
How Much People Realistically Get
Start with the tier most people will actually use. If you have, or had at the time of the 2022 incident, an active LastPass Consumer Premium, Family, or Business account with vault content, you may be eligible for a flat $25 statutory payment with no documentation required. California residents may additionally claim $100 in CCPA statutory damages.
Instead of the flat payment, you can submit a documented-loss claim: up to $300 for ordinary losses, such as time spent or minor unreimbursed costs, or up to $10,000 for extraordinary losses. Both come from the general cash fund, and both require records tying the loss to this breach. Like every figure paid from the cash fund, actual amounts are subject to pro-rata adjustment; the settlement pays estimates, not guarantees.
Then there is the figure that gets the most attention: up to $900,000 per claimant for documented cryptocurrency losses. Treat that number carefully. It is a per-claimant ceiling, not an expected payment and not what a typical crypto-loss claimant will see. Every crypto claim is individually adjudicated by the Special Master, reduced pro rata if validated claims exceed the $16.25 million pool cap, and reduced further by Special Master and expert fees before anyone is paid. Realistically, most people should not expect anywhere near $900,000. That figure exists to cap the largest documented individual losses, not to describe a normal outcome.
What Proof You Need, by Tier
The $25 statutory payment needs no proof of loss, only that you had a qualifying active account with vault content at the time of the incident. The $100 CCPA payment needs only California residency at the relevant time.

Ordinary and extraordinary loss claims need documentation: receipts, statements, or other records showing an actual, unreimbursed loss connected to the 2022 incident, up to the applicable cap. Cryptocurrency-loss claims need the most: records establishing that the loss occurred, its dollar value, and a credible connection to the breach, since the Special Master reviews each one individually rather than accepting a self-certified number.
How Filing Worked
Filing was free and only ever available through the official settlement site. The claim deadline was July 2, 2026, and that window is now closed. If you filed on time, there is nothing further to submit while the case awaits final approval. If you missed it, there is currently no path to file late through this settlement.
If you did file, what happens next is mostly out of your hands. Once (and if) the court enters a final approval order, the settlement moves into claims administration: validating submitted claims, calculating pro-rata shares from the cash fund, and, for anyone who filed a crypto-loss claim, waiting on the Special Master's individual review. None of that has started in a way that produces a payment date yet, and the official settlement site remains the only place to check your own claim status rather than a search result or an unsolicited email.
If You're Worried About What Was in Your Vault
Whatever happens with final approval, the exposure from 2022 does not reset itself. If your LastPass vault held saved passwords, treat every one of them as compromised: change them, starting with financial and email accounts, and avoid reusing a password across sites.
If your master password predates the 2022 incident, change it now, and turn on multi-factor authentication if you have not already. The Cybersecurity and Infrastructure Security Agency lists enabling multi-factor authentication as one of the most effective single steps anyone can take to keep an account safe even after a password is exposed.
If you stored cryptocurrency wallet keys or seed phrases in a LastPass vault and have not already moved those funds to a new wallet with new keys, do that regardless of where this settlement ends up. A settlement payment, even at the maximum, will not replace stolen cryptocurrency dollar for dollar.
More broadly, a free credit freeze at all three major bureaus, Equifax, Experian, and TransUnion, blocks new credit from being opened in your name and costs nothing. Our guide to freezing your credit after a data breach walks through all three, step by step. If you already suspect identity theft, IdentityTheft.gov, the FTC's free recovery site, builds a personalized recovery plan.
A Credit Freeze Is Free. Some Coverage Isn't.
A freeze at all three bureaus is the strongest, free defense against someone opening new credit in your name. If your vault also held financial accounts, Aura adds broader monitoring, including dark-web alerts, on top of the free basics above. Worth a look for your own protection once you've changed your passwords.
See Aura's Monitoring PlansAffiliate disclosure: if you sign up through this link we may earn a commission, at no extra cost to you. Learn more
More Open and Closed Settlements
If LastPass is not the only breach notice in your inbox, our data breach settlement tracker lists the settlements we have verified, open and closed.

Frequently Asked Questions
Is the LastPass data breach settlement still accepting claims?
No. The claim deadline was July 2, 2026, and that window is closed. As of July 16, 2026, the LastPass settlement is not accepting new claims.
Has the LastPass settlement received final approval?
Not yet, as of July 16, 2026. The court held the final approval hearing on July 14, 2026, but had not entered a final approval order as of this writing; a ruling could still take additional time.
How much does the LastPass settlement pay?
Most eligible claimants can choose a flat $25 statutory payment with no documentation, plus $100 more for California residents, or a documented-loss claim of up to $300 for ordinary losses or up to $10,000 for extraordinary losses; all cash-fund amounts are estimates subject to pro-rata adjustment.
What is the $900,000 crypto figure in the LastPass settlement?
It is a per-claimant ceiling for documented cryptocurrency-loss claims, not an expected payout. Each crypto claim is individually reviewed by a court-appointed Special Master and paid pro rata from a separate $16.25 million pool, so most claimants will receive far less than $900,000.
Is the LastPass settlement fund really $24.45 million?
Only as an upper limit. The settlement has two separate pools, an $8.2 million cash fund and a Crypto Pool capped at $16.25 million that pays only validated cryptocurrency-loss claims; $24.45 million is what both pools would total only if every dollar of each were paid out.
When will I get paid from the LastPass settlement?
There is no payment date as of July 16, 2026. Payment cannot begin until a final approval order is entered, and Crypto Pool claims are then adjudicated separately by a Special Master, so those payouts may take longer to resolve than the flat cash payments, so crypto payouts could arrive later than cash payouts.
Who is in the LastPass settlement class?
You may be a class member if your LastPass account was allegedly compromised in the 2022 LastPass Data Security Incident and you had content stored in your vault at the time. The official settlement site does not state an exact class size.
Did LastPass settlement claimants really have cryptocurrency stolen?
That is an allegation in the case, not an established fact for every class member. Some plaintiffs allege their encrypted vaults were later cracked using data taken in the 2022 incident and their cryptocurrency stolen, which is why the settlement created a separate Crypto Pool claims process adjudicated by a Special Master.
I had a LastPass vault. What should I do now, regardless of the settlement?
Change your master password if it predates the 2022 incident, turn on multi-factor authentication, and change any passwords that were stored in your vault, starting with financial and email accounts. If you stored cryptocurrency keys or seed phrases in the vault and have not moved those funds, do so regardless of how this settlement resolves.
How to tell a settlement notice is real
Check the case name, case number, and court against the official settlement site. Go to that site directly instead of clicking a link in an email or text. Nobody legitimate will call, text, or email out of the blue asking for your Social Security number, bank account, or card details, and nobody will charge you to file. Report anyone who does at ReportFraud.ftc.gov.
Informational only. Not legal, tax, or financial advice, and not affiliated with any settlement.
RecordingLaw.com is an independent legal-information publisher. We are not a law firm, not a settlement administrator, and not affiliated with, endorsed by, or acting on behalf of any court, government agency, defendant, or claims administrator described on this page. Reading this page does not create an attorney-client relationship.
We do not process claims and we never collect your claim information. You cannot file a claim on RecordingLaw.com. To file, opt out, object, or check your status, use only the official settlement administrator identified above. We link to it for your convenience.
Filing a legitimate claim is free. No legitimate settlement or administrator will charge you a fee to file, or ask for your Social Security number, bank, or card details by unsolicited call, text, or email. If someone does, it is likely a scam. Report it at ReportFraud.ftc.gov.
Deadlines, amounts, and approval status change and are set by the court. We verify against the official administrator and court records, but confirm the current details on the official site before acting. Nothing here guarantees eligibility, a payment, or any amount. Settlement payments may be taxable. See IRS Publication 4345. and consult a tax professional. For advice about your specific situation, consult a licensed attorney in your state. Affiliate disclosure.
Sources and References
- In re LastPass Data Security Incident Litigation, Official Settlement Website (Home)(lastpasssettlement.com)
- LastPass Data Security Incident Litigation, Frequently Asked Questions (official)(lastpasssettlement.com)
- U.S. District Court, District of Massachusetts: Court filing, In re LastPass Data Security Incident Litigation, No. 1:22-cv-12047-PBS (via GovInfo.gov)(govinfo.gov).gov
- IdentityTheft.gov (Federal Trade Commission)(identitytheft.gov).gov
- Credit Freezes and Fraud Alerts: What's Right for You? (FTC Consumer Advice)(consumer.ftc.gov).gov
- More Than a Password: Enable Multi-Factor Authentication (Cybersecurity and Infrastructure Security Agency)(cisa.gov).gov