You’re the CEO and Your Company Got Hacked—What Now?

Executives who handled cyberattacks at LastPass, SolarWinds and Accellion share tips on planning for and responding to an incursion.

Illustration: Nadia Hafid for Bloomberg Businessweek

Karim Toubba was a few months into his new job as chief executive officer of LastPass US LP, which allows customers to store and manage passwords, when he learned that his company had been hacked. Two weeks later, in August 2022, he published a blog post saying that while the hackers had stolen some source code and proprietary technical information, there was no evidence that they had gained access to customer data or encrypted password vaults.

Crisis averted—until the hackers returned, using information stolen in the earlier attack to obtain encrypted usernames and passwords, among other data. That development, revealed in a blog post by Toubba days before Christmas, prompted waves of criticism and a Wired story entitled “Yes, It’s Time to Ditch LastPass.”