OFFICE OF THE CHIEF INFORMATION SECURITY OFFICER,
UC SAN DIEGO
January 4, 2023
ALL ACADEMICS, STAFF, AND STUDENTS AT UC SAN DIEGO (including UC San Diego Health)
LastPass Security Incident and Steps You Should Take
In late December 2022, we were notified of a serious security incident involving LastPass, which UC San Diego uses as its password manager of choice. In short, a hacker was able to obtain the full, encrypted vaults for many or all of its customers. Along with other LastPass customers, we’re still working on understanding the full scope of the breach and the implications.
In response, all UC San Diego LastPass Enterprise users have been directly contacted with actions UC San Diego is taking, as well as actions they can take to further protect themselves - including a required LastPass master password change starting January 4. Over the next few weeks, as more details about this compromise are known, we will be evaluating our long-term relationship with LastPass. A summary of our response and recommended actions is available at lastpass.ucsd.edu.
Urgent LastPass Recommendations If you and your family use LastPass, take note of the following recommendations to secure your data in light of the recent breach.
Change all the passwords for accounts you store within LastPass. Start with high-value accounts like banking and financial institutions, as well as government agencies.
General Cybersecurity and Identity Theft Prevention Recommendations Whether or not you use LastPass, please review these general tips:
If you use a password manager other than LastPass, update the password you use to access it on an annual basis
Use a passphrase instead of a password where permitted
Enable multi-factor authentication on all your accounts
Review UC San Diego’s Identity Theft Protection Tips - things like enacting a credit freeze, securing federal government accounts, and more
Learn How to Identify Phishing Scams and avoid being victimized by not clicking unknown links in emails and never sharing a password or other sensitive information if requested by email
Michael Corn Chief Information Security Officer UC San Diego
University of California San Diego, 9500 Gilman Drive, La Jolla, CA, 92093