Last year, the popular password manager LastPass was hit by two hacks, in August and October. In the first case, an engineer's computer was hacked, the hacker then accessed the development cloud, and some software resources were stolen.
After the company thought it had contained the incident, the hacker apparently used the information obtained in the first breach to hack into the computer of one of the company's senior engineers, this time accessing backup files, including encrypted password vaults. The company says the vaults are encrypted and that it does not hold the decryption key, but information such as email addresses and other sensitive data was leaked, and we do not know whether the hacker was able to decrypt customers' password vaults or not.
The truth is that any hacking of any company, especially a technology company, has a great impact on its reputation and business, especially if it leads to data leakage. But for a password management company the situation is, in my opinion, a disaster, because the service exists precisely to manage passwords and reduce the risk of hacking by using unique, long, non-repeated passwords without having to remember them. What if this very service is hacked? The issue is certainly very sensitive for users and companies alike.
How did the company deal with the incident?
The company sent its clients frequent updates about the hack, the actions it took to recover from the incident, details of the data that was leaked, and a lot of valuable information.
The truth is that the company dealt with the incident with great professionalism despite its difficulty. It tried as far as possible to publish every available detail and chose the best option by disclosing everything to customers, rather than trying to hide or minimize the incident, because if the data had leaked in some other way, it would undoubtedly have been the end of the company.
In my opinion, the company succeeded to some extent in managing the crisis, despite the slowness of its updates to users. Also, the company may have been too lenient in the actions it took after discovering the first incident, which led to the second hack two months later, and this is a big mistake. They should have expected that the hacker would inevitably make use of the data he obtained.
Every company should expect to be hacked at any time. The most important thing is to be ready to deal with the crisis in a professional manner, and for companies to have a plan to recover from security incidents with minimal losses.
I do not know how much impact LastPass might suffer as a result of the incident, as such an incident is difficult for any company and more difficult for one working in a field as sensitive as password management, but the company, in my opinion, succeeded in managing the crisis professionally, and this is to its credit.