Back to Explorer
UK GDPRTechnologyHigh Severity

LastPass UK Ltd

€1,424,808

Authority

ICO

Country

United Kingdom

Date Issued

November 19, 2025

Industry

Technology

Summary

LastPass UK Ltd was fined £1,228,283 by the ICO for failing to implement appropriate technical and organizational security measures, resulting in a data breach affecting approximately 1.6 million UK customers whose personal data was exfiltrated from backup databases. The violation involved infringements of UK GDPR Articles 5(1)(f) and 32(1)(f) concerning data integrity, confidentiality, and security obligations.

Violation Types

SecurityData BreachRisk Assessment

Articles Violated

View original enforcement decision

Related Enforcement Actions

Reddit, Inc.

ICO · UK GDPR · February 22, 2026

€17M

Capita plc and Capita Pension Solutions Ltd

ICO · UK GDPR · October 14, 2025

€16M

TikTok Inc.

ICO · UK GDPR · May 14, 2023

€15M

Advanced Computer Software Group Limited

ICO · UK GDPR · March 25, 2025

€4M

Police Service of Northern Ireland

ICO · UK GDPR · October 2, 2024

€870K

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate UK GDPR compliance before regulators come knocking.

Talk to an Expert