Louisiana Public Facilities Authority (LPFA) victim of ransomware attack
The following notification was first published on July 18 as a legal notice:
00110404 PUBLISH 07/18/22 – 09/02/22 Notice of Data Breach
On or about February 26, 2022, the Louisiana Public Facilities Authority (LPFA) was the target of a ransomware attack by unknown persons. Our investigation indicates the attack may have gone on over a period of weeks and the attackers may have gained access to personally identifiable information of some of our customers, including but not limited to customer names and banking financial data as well as employee personal information such as social security numbers, addresses, dates of birth, driver’s license numbers, emails, passwords, and wage information.
The LPFA’s education division, the Louisiana Education Loan Authority (Lela), also stores limited student loan data on the LPFA system servers, which may hold personal information for borrowers, including, but not limited to, names, social security numbers, physical and email addresses, phone numbers, and loan balance information.
We have reported this attack to the appropriate State of Louisiana entities and U.S. federal level and collaborated with them to investigate this attack. We are confident the attack has been stopped and the attacker’s access has been closed. You can contact Martin Walke at [email protected] for LPFA inquiries and Tricia Dubroc at [email protected] for Lela inquiries or if you have any questions.