What to Do When You’re the CEO and Your Company Gets Hacked

Karim Toubba was a few months into his new job as chief executive officer of LastPass US LP, which allows customers to store and manage passwords, when he learned that his company had been hacked. Two weeks later, in August 2022, he published a blog post saying that while the hackers had stolen some source code and proprietary technical information, there was no evidence that access was given to customer data or encrypted password vaults.

Crisis averted—until the hackers returned, using information stolen in the earlier attack to obtain encrypted usernames and passwords, among other data. That development, ...