On or about February 26, 2022, the Louisiana Public Facilities Authority (LPFA) was the target of a ransomware attack by unknown persons. Our investigation indicates the attack may have gone on over a period of weeks, and the attackers may have gained access to personally identifiable information of some of our customers, including but not limited to, names, addresses and banking financial data, as well as employee personal information such as social security numbers, addresses, dates of birth, driver’s license numbers, emails, passwords, and wage information. The LPFA’s education division, the Louisiana Education Loan Authority (Lela), also stores limited student loan data on the LPFA system servers, which may hold personal information for borrowers including, but not limited to, names, social security numbers, physical and email addresses, phone numbers, and loan balance information.
We have reported this attack to the appropriate State of Louisiana and U.S. federal level entities and collaborated with them to investigate this attack. We are confident the attack has been stopped and the attacker’s access has been closed.
You can learn more about how to protect yourself against identify theft at https://www.ftc.gov/news-events/topics/identity-theft/advice-consumers. You can obtain a free credit report to check for suspicious activity at www.annualcreditreport.com or by calling 877-322-8228.
If you believe your personally identifiable information has been misused, you may want to report this to https://www.identitytheft.gov/ or by calling 1-877-438-4338.