LastPass, a password management system, announced a breach of their services in December of 2022. Unknown actors were able to obtain backup versions of user vaults (an individualized data store of websites, usernames, and passwords), which included both unencrypted and encrypted information.
Virginia Tech was in the process of rolling out LastPass to portions of the university community. While waiting for clarity on the extent and long-term effects of this breach and the corporate response to it, Virginia Tech has decided to pause the rollout until a satisfactory assessment has been completed. Virginia Tech recommends that current users follow the guidance provided below.