LastPass breach exposes how US breach notification laws can leave consumers in the lurch

Password manager LastPass faced criticisms from security experts after announcing a major security breach to its 33 million users in December 2021 and providing unclear details about the incident. The breach exposed encrypted password vaults, making users vulnerable to potential hacking. No federal privacy laws exist in the U.S., leading to inconsistent state-by-state rules around breach notification. This lack of regulatory uniformity often leaves users with little guidance on how to handle data breaches.