Canadians Face Approaching Deadline to Claim Up to $500 in $4M Data Breach Settlement

Canadians Face Approaching Deadline to Claim Up to $500 in $4M Data Breach Settlement

Stick to the Facts

Add Nbsla.ca as a Preferred Source on Google to see more of our stories in your search results.

Add as a preferred source on Google

Millions of Canadians have become increasingly concerned about online privacy and cybersecurity in recent years, and one of the most significant data breach cases affecting password manager users is now reaching an important stage. Canadians impacted by the 2022 LastPass data breach may be entitled to compensation through a court-approved class-action settlement worth US$3 million, and the deadline to file a claim is fast approaching.

Individuals who qualify could receive compensation for time lost dealing with the consequences of the breach, reimbursement for eligible expenses, and even compensation for certain cryptocurrency-related losses. However, those who wish to participate must submit their claims before the June 23, 2026 deadline.

Here’s everything Canadians need to know about the LastPass class-action settlement, including who qualifies, how much money may be available, and how to file a claim before time runs out.

What Is LastPass and Why Is This Settlement Important?

LastPass is one of the world’s most widely used password management platforms. The cloud-based service allows users to securely store usernames, passwords, banking information, and other sensitive data in a digital vault protected by a master password.

Password managers have become increasingly popular because they help users create and manage strong passwords across multiple websites and applications. Instead of remembering dozens of unique passwords, users only need to remember a single master password.

Because LastPass stores highly sensitive information, users trust the platform to maintain strong security protections. That trust was shaken in 2022 when the company disclosed a major cybersecurity incident that exposed customer information.

The fallout from that breach led to multiple lawsuits, including a Canadian class-action case that has now resulted in a settlement fund available to eligible users.

Understanding the 2022 LastPass Data Breach

According to court documents, LastPass became the target of a sophisticated cyberattack in 2022.

The breach allegedly involved an unknown threat actor who gained access to company systems using credentials that had been stolen from a senior employee. Once access was obtained, the attacker was able to retrieve both encrypted and unencrypted customer information.

The incident raised concerns among cybersecurity experts and customers because of the nature of the information stored within LastPass accounts. Although encrypted information is generally more difficult to access, the exposure of customer data still created significant privacy and security concerns.

At the time of the breach, LastPass reportedly had more than 1.1 million user accounts in Canada. Court documents indicate that approximately 1,102,688 Canadian accounts existed when the incident occurred.

However, officials believe that at least 218,087 of those accounts contained no user data, meaning not every account may have been affected in the same way.

Even so, the breach impacted a substantial number of Canadian users and ultimately led to legal action seeking compensation for affected individuals.

The Canadian Class-Action Lawsuit Against LastPass

The legal proceedings were initiated by plaintiff Karan Keswani, who filed a proposed class-action lawsuit on behalf of Canadians affected by the data breach.

The lawsuit was brought before the Supreme Court of British Columbia and named several defendants, including:

GoTo Technologies USA, Inc.

The parent company associated with LastPass operations in the United States.

LastPass US LP

The U.S.-based entity directly connected to the LastPass password management service.

GoTo Technologies Canada Ltd.

The Canadian branch connected to the company’s operations.

LastPass Technologies Canada ULC

The Canadian entity associated with LastPass technology services.

The lawsuit alleged that the defendants failed to adequately protect customer information from cyber threats and did not implement sufficient safeguards to prevent unauthorized access.

Additionally, the legal claim argued that the company did not properly investigate the full scope of the breach or adequately communicate its impact to affected customers.

The allegations centered on claims of negligence and failures in data protection practices.

Settlement Approval and Key Details

After legal proceedings and negotiations, a settlement agreement was reached and subsequently approved by the court on February 18, 2026.

The total settlement amount is US$3 million, which is approximately C$4.14 million based on current exchange rates.

The settlement fund is intended to cover several categories of costs, including:

Legal Fees

A portion of the settlement will be used to pay approved legal fees associated with the class-action proceedings.

Administrative Expenses

Settlement administration costs, including claims processing and distribution, will be paid from the fund.

Taxes and Disbursements

Required taxes and litigation-related expenses will also be covered through the settlement amount.

The remaining funds will be distributed among eligible class members who successfully submit valid claims.

Importantly, the settlement does not represent an admission of wrongdoing by LastPass or the other defendants.

Settlement notices emphasize that the defendants continue to deny the allegations made in the lawsuit and maintain that they are not liable for the claims asserted against them. The agreement was reached to resolve the dispute without further litigation.

Who Is Eligible to Receive Compensation?

Many Canadians are wondering whether they qualify for compensation under the settlement.

Generally, you may be eligible if:

You Resided in Canada

Claimants must have been residents of Canada during the relevant period.

Your Information Was Impacted

Your personal information must have been accessed by unauthorized parties during the 2022 LastPass data breach.

Individuals who meet these criteria may be able to file one or more types of claims depending on their circumstances.

Types of Compensation Available

The settlement allows eligible Canadians to seek compensation under multiple categories.

The amount each individual ultimately receives may depend on the number of claims submitted and the available settlement funds.

Compensation for Wasted Time

Many people spent time reviewing accounts, changing passwords, monitoring financial activity, and taking steps to protect themselves after learning about the breach.

To recognize those efforts, eligible claimants can seek compensation for wasted time.

Under the settlement terms, users may claim up to five hours of lost time related to the breach.

Compensation is available at a rate of C$34.01 per hour.

This means qualifying claimants could receive up to:

C$170.05 for wasted time.

Individuals filing this type of claim may need to explain how they spent time responding to issues connected to the breach.

Reimbursement for Out-of-Pocket Expenses

Some users incurred direct costs while attempting to protect themselves from potential identity theft or other consequences arising from the breach.

The settlement allows claimants to seek reimbursement for qualifying out-of-pocket expenses.

Eligible expenses may include costs associated with identity protection, credit monitoring, or other reasonable measures taken in response to the breach.

The maximum reimbursement available under this category is:

Up to C$500.

Claimants must be able to provide documentation supporting their expenses.

In addition, the expenses must have been incurred before May 31, 2023.

Without adequate proof, reimbursement requests may be denied or reduced.

Cryptocurrency Loss Claims

One of the more unique aspects of this settlement involves cryptocurrency-related losses.

Some users alleged that cryptocurrency assets were lost as a result of the LastPass breach.

Eligible Canadians may submit claims for crypto-related losses if they believe those losses were connected to the data breach.

Because these claims can involve substantial amounts and complex evidence requirements, claimants may need to provide extensive documentation demonstrating both ownership and loss of the assets.

Settlement administrators will review submitted evidence before determining eligibility and compensation amounts.

How Much Money Could Claimants Receive?

The exact amount each claimant receives is not guaranteed.

Several factors could affect final payouts, including:

Number of Claims Submitted

If a large number of people file claims, individual payouts may be reduced because the settlement fund must be divided among eligible participants.

Type of Claim

Different claim categories have different maximum limits and requirements.

Approval of Claims

Only valid and approved claims will be eligible for compensation.

As a result, some Canadians may receive relatively modest payments, while others with documented expenses or cryptocurrency losses could potentially receive significantly more.

How to File a LastPass Settlement Claim

Eligible Canadians who wish to participate in the settlement must complete the claims process before the deadline.

The process generally involves submitting an online claim form and providing supporting information.

Information You May Need

Claimants may be asked to provide:

Personal identification details

Current mailing address

Contact information

Details regarding the type of claim being submitted

Supporting documentation for expenses or cryptocurrency losses

Preferred payment method

Providing complete and accurate information can help prevent delays in processing.

Available Payment Options

Successful claimants may choose how they would like to receive compensation.

Available payment methods include:

Cheque

Interac e-Transfer

Selecting the correct payment option and ensuring contact details are accurate is important to avoid issues when funds are distributed.

Important Deadline Canadians Should Not Miss

One of the most important aspects of the settlement is the filing deadline.

Eligible Canadians must submit their claim forms no later than:

June 23, 2026, at 11:59 p.m. Pacific Time.

Claims submitted after the deadline may not be accepted.

Because gathering supporting documents can take time, eligible users are encouraged to begin the process as early as possible rather than waiting until the final days before the deadline.

Why Data Breach Settlements Are Becoming More Common

The LastPass settlement reflects a broader trend involving cybersecurity incidents and consumer privacy rights.

As organizations collect larger amounts of personal information, data breaches have become increasingly costly and disruptive.

Consumers are becoming more aware of their legal rights when companies fail to adequately safeguard sensitive information.

Class-action lawsuits often emerge after major cybersecurity incidents because they provide a mechanism for large groups of affected individuals to seek compensation collectively.

In recent years, Canadians have seen multiple privacy-related class actions involving financial institutions, government agencies, retailers, healthcare organizations, and technology companies.

The LastPass settlement is one of the latest examples of how courts and legal systems are responding to the growing risks associated with data security failures.

Canadians May Also Be Eligible for Other Data Breach Settlements

The LastPass case is not the only data breach settlement currently attracting attention.

Some Canadians may also qualify for compensation through other privacy-related class-action lawsuits, including legal actions involving government agencies and major organizations.

One notable example is the ongoing class-action litigation related to data breaches affecting the Canada Revenue Agency.

Individuals who believe they may have been affected by multiple incidents should review eligibility requirements for each settlement separately, as filing procedures and deadlines vary.

Final Thoughts

The court-approved LastPass class-action settlement offers eligible Canadians an opportunity to receive compensation following the company’s widely publicized 2022 data breach. With a settlement fund worth approximately C$4.14 million, qualifying users may be entitled to payments for time lost, reimbursement of eligible expenses, and certain cryptocurrency-related losses.

However, the opportunity will not remain open indefinitely. Canadians who believe they were affected should review the settlement details carefully and ensure their claim is submitted before the June 23, 2026 deadline.

Leave a Reply

Your email address will not be published. Required fields are marked *