LastPass breach exposes how US breach notification laws can leave consumers in the lurch

Password manager LastPass suffered a major security breach in December, which exposed encrypted password vaults to criminal hackers, putting individuals and companies at risk. The company informed some of its 33 million customers, but the notifications lacked detail and were considered misleading by security experts. The lack of nationwide data privacy laws in the US and fragmented state-by-state rules governing notifications made understanding the implications and extent of the breach complex for consumers.