LastPass, the cloud storage system for passwords, suffered a breach in late 2022 that has caused ripples in the security world. Some elements of user data were taken, although many were encrypted. LastPass seems to have taken the right path in terms of prompt disclosure and investigation, which should be a no-brainer at this point. This breach shows why having multiple security strategies is important: if someone gets in but can only take encrypted data, your losses (and your liabilities) may be reduced. Use the new year as a reset on your privacy and security practices: update everything, patch everything, review your privacy policy against your actual data practices, and give employees refresher training on phishing and other topics.
Source: New York Times, January 26, 2023, 09:34 UTC