In an update to the security incident notification published last month, Lastpass’ CEO Karim Toubba said that the company’s investigation found no evidence the threat actor accessed customer data or encrypted password vaults.