AI Autopsy: Por qué la ICO multó a LastPass con 1,2 millones de libras

By Danny Bradbury for Assured
Wednesday, January 21, 2026

• 719
• Más

Las filtraciones de datos pasadas nunca mueren. Sobre todo cuando los reguladores las ponen en evidencia. El mes pasado, la Oficina del Comisionado de Información del Reino Unido (ICO) devolvió a los titulares un incidente de 2022 en la empresa de gestión de contraseñas LastPass, tras imponerle una multa de 1,2 millones de libras por infracciones al RGPD.

Ilia Kolochenko, data protection lawyer and founder of ImmuniWeb, also raises an eyebrow. “They should have had some foundational security controls – namely, incident response – in their cloud environment,” he tells Assured Intelligence. “I believe that in 2022 it was perfectly doable, and AWS had native tools on its platform.”

LastPass did get alerts from AWS in October that something was afoot. It followed procedure and contacted a cloud infrastructure email distribution list. However, only one person on the list (an engineer) was from LastPass. The remainder were GoTo employees, and miscommunication between the two parties resulted in an 18-day delay in the subsequent investigation. Read Full Article