LastPass says Klue breach exposed support data

Cyber incidents rarely stay neatly inside one company. LastPass’ Klue breach update shows how vendor risk can spill into high-trust security products and their customers.

What happened

LastPass said customer support case data and personal information were stolen through the recent Klue breach, not through LastPass’ own systems.

The company said password vaults were not affected, but support data can still contain sensitive customer context.

Why it matters

This is a useful supply-chain cybersecurity follow-up.

We already covered the Klue breach, but this shows the second-order impact: one vendor breach can expose data connected to companies whose entire brand depends on trust and security.

The bigger picture

Security risk increasingly lives in vendor ecosystems. Companies need to monitor not just their own systems, but also the tools and support platforms that hold customer context behind the scenes.