LastPass Rebuilds Security Culture After Breaches

New CEO says security is now at the 'very heart' of what the password manager does

Published on Feb. 10, 2026

After a string of high-profile data breaches in 2022, the password manager LastPass has undergone a major security overhaul under its new CEO Karim Toubba. The company has made significant investments to improve its people, processes, and technology, going 'beyond what would normally be expected of a standard security program.' Toubba says LastPass is now focused on leading the industry in security, transparency, and information sharing.

Why it matters

The 2022 breaches at LastPass, a prominent password manager, severely damaged consumer trust in the company's ability to safeguard sensitive user data. The security overhaul is an attempt by the new leadership to rebuild that trust and position LastPass as an industry leader in password management security.

The details

In the wake of the 2022 breaches, LastPass has implemented a range of new security measures, including overhauling its employee devices and training, forming a dedicated security team, and engaging in ongoing third-party audits and penetration testing. The company has also rolled out new authentication controls and is working to provide broader visibility into shadow SaaS and rogue AI application usage for its business customers.

  • The security incidents at LastPass occurred in 2022.
  • Karim Toubba joined as CEO of LastPass in 2022, following the breaches.
  • LastPass has been 'steadily at work' rebuilding from the ground up over the past 3-4 years.

The players

Karim Toubba

The Chief Executive Officer of LastPass, who joined the company in 2022 following the security breaches and has led the effort to overhaul the company's security practices.

LastPass

A security and identity management solutions provider known for its password management vault. The company was acquired by GoTo (formerly LogMeIn) in 2015 and spun off as an independent outfit in 2024.

What they’re saying

“I like to tell customers that it's easier to tell them what hasn't changed in the last three to four years than what has.”

— Karim Toubba, CEO, LastPass (ZDNet)

“We significantly changed the technology stack of all of our employees, [such as] the security capabilities that are on their devices, and then issued new devices to all employees in the form of laptops that were completely locked down.”

— Karim Toubba, CEO, LastPass (ZDNet)

“We made a multi-year, multi-million-dollar investment, and we went beyond what would normally be expected of a standard security program. We are proud of the exemplary work that does not just lead to being more secure, but leads us to leading within the industry of what leadership, transparency, and the sharing of information looks like.”

— Karim Toubba, CEO, LastPass (ZDNet)

What’s next

LastPass plans to continue balancing its approach for both consumer and business markets, with a focus on providing enhanced security practices, improvements under the hood, and increased transparency to re-earn customers' trust.

The takeaway

The security overhaul at LastPass demonstrates the company's commitment to regaining consumer trust after a series of high-profile breaches. By investing heavily in security, transparency, and industry leadership, LastPass is positioning itself as a more trustworthy password management solution in the face of growing security concerns.