On March 20, 2025, Lafayette Federal Credit Union (“LFCU”) filed a notice of data breach with the Attorney General of California after discovering that an unauthorized party gained access to an LFCU employee’s email account. In this notice, LFCU explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, Lafayette Federal Credit Union began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Lafayette Federal Credit Union, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Lafayette Federal Credit Union data breach. For more information, please see our recent piece on the topic here.
What Caused the Lafayette Federal Credit Union Data Breach?
The Lafayette Federal Credit Union data breach was only recently announced, and more information is expected in the near future. However, Lafayette Federal Credit Union’s filing with the Attorney General of California provides some important information on what led up to the breach. According to this source, LFCU recently learned that an unknown party had gained access to an employee’s email account. In response, LFCU secured the affected account and then launched an internal investigation. Lafayette Federal Credit Union also brought on a team of cybersecurity experts to confirm the security of the company’s email system and assist with the investigation.
Through its investigation, LFCU confirmed that an unauthorized party was able to access the employee’s email account—including emails and attachments containing confidential consumer information—on September 16, 2024.
After learning that sensitive consumer data was accessible to an unauthorized party, Lafayette Federal Credit Union reviewed the compromised files to determine what information was leaked and which consumers were impacted. LFCU completed this process on February 5, 2025.
While the publicly available data breach letter posted on the California Attorney General’s “Search Data Security Breaches” web page doesn’t mention what data types were leaked, on March 20, 2025, Lafayette Federal Credit Union sent personalized data breach letters to anyone who was affected by the incident. These personalized letters should provide victims with a list of what information belonging to them was compromised.
More Information About Lafayette Federal Credit Union
Lafayette Federal Credit Union is a member-owned financial institution offering a full range of banking services, including checking and savings accounts, loans, mortgages, and investment products. Headquartered in Rockville, Maryland, the credit union serves members across the Washington, D.C. metropolitan area and beyond, with a focus on personalized service and financial empowerment. The organization employs approximately 200 people and generates an estimated $50 million in annual revenue.
