News: Important Information Regarding Recent LastPass Breach

This is important information for any member of the Marist community who uses the LastPass password manager. 

LastPass suffered a data breach in late 2022. Hackers compromised a company account and accessed the company's software development environment. They obtained information that was then used to access a LastPass backup platform, and then downloaded every LastPass user's password vault.

Passwords and notes inside the vaults are encrypted. This means that the information is not readily accessible, and obtaining the passwords in the vaults requires time and effort. However, some information, including the stored URLs, was not encrypted.

The backup that was copied included all customer information and vaults of LastPass users as of September 22, 2022. Accounts deleted before this date or created after this date are not impacted. The breach affects all versions of LastPass: Business, Teams, Families, Premium, and Free.

 

What This Means for You 

Any individual who currently has a LastPass account that was created prior to September 22, 2022, and has a master password that is less than 12 characters or does not include numbers and special characters should take the following actions:

  • Enable multi-factor authentication on your LastPass account
  • As an extra security measure, change the passwords for websites stored in your vault to minimize risk, prioritizing those accounts that contain sensitive or confidential information, such as financial sites, email accounts, and social media or other communication platforms

General best practices for managing accounts should help minimize the impact of this incident: 

  • Regularly reset your passwords, at least once a year, prioritizing accounts with sensitive or confidential information 
  • Enable multi-factor authentication for all accounts where it is offered 
  • Use a unique password for every account 
  • Never share your passwords with anyone else, including family members 
  • Enable account notifications to text or email whenever a new device logs into your accounts 
  • Monitor your financial accounts regularly for any indications of fraudulent activity 
  • Be vigilant about unsolicited or unexpected email communications regarding usernames for various sites, and report suspicious emails to phishing@marist.edu

If you have any questions, please feel free to contact the Marist Information Technology Cybersecurity Team at cybersecurity@marist.edu