LastPass is notifying customers that personal information and support case records were stolen through a breach at technology partner Klue. The compromised data reportedly includes customer names, phone numbers, email addresses, physical addresses, support case data, and sales-related records. The risk is serious because support tickets often contain far more than basic contact information. Customers may share billing issues, account recovery details, troubleshooting data, screenshots, identity documents, credentials, API tokens, configuration details, or other sensitive fragments when asking for help.

The breach also lands against LastPass’s history of major security incidents, including the 2022 compromise of encrypted customer password vaults. For a password manager, trust is the product — so even a partner-driven breach can create reputational damage, phishing risk, social engineering exposure, and renewed scrutiny from enterprise buyers.

In a Klue-style third-party breach, the key question is not just “was LastPass breached?” but where did customer data travel, who touched it, and what sensitive information was embedded inside support workflows. Unified visibility, for example, with a platform like NIKSUN's, lets security teams reconstruct the chain: Klue account access, SaaS/API activity, bulk exports, support-case queries, file downloads, unusual admin behavior, and outbound transfers to attacker infrastructure. By correlating identity logs, vendor access, support-ticket activity, API calls, DLP signals, endpoint telemetry, and network sessions, LastPass and other affected vendors could rapidly determine which customers were exposed, whether tickets contained secrets, whether credentials or recovery artifacts appeared in case records, and which downstream systems require token rotation or customer notification. Read more about this story on our LinkedIn page