On July 23, 2018, the Commonwealth of Kentucky Personnel Cabinet learned that a security breach occurred as a result of a phishing scheme directed at employees.
This incident impacted a total of six employees and did not result from a failure of the commonwealth’s network, email, or human resource information system.
Rather, it was a malicious phishing attack targeted specifically at system users. Phishing is the attempt to acquire sensitive information such as usernames, passwords, or financial information for malicious reasons by masquerading as a trustworthy entity in an email.
Immediately upon learning of the phishing scheme, the Personnel Cabinet worked with the Commonwealth Office of Technology (COT), the FBI, and the Kentucky State Police to address the breach. The breach was discovered prior to any financial impact to the affected employees and no funds were diverted from the employees to an unauthorized banking institution.
The Personnel Cabinet and COT take these threats very seriously and employ technologies to help reduce such risks. Employees should remain vigilant for incidents of fraud and identity theft, including reviewing account statements and monitoring free credit reports.
The Commonwealth will continue to implement the strictest security safeguards and encourage employee awareness on such matters.
Kentucky Personnel Cabinet
