State employees targeted in phishing scheme
FRANKFORT, Ky. (WTVQ) – The Personnel Cabinet learned that a security breach occurred as a result of a phishing scheme directed at Commonwealth of Kentucky employees.
This incident impacted a total of six employees and did not result from a failure of the Commonwealths network, e-mail, or human resource information system. Rather, the state says it was a malicious phishing attack targeted specifically at system users.
Phishing is the attempt to acquire sensitive information such as usernames, passwords, or financial information for malicious reasons by masquerading as a trustworthy entity in an email.
Immediately upon learning of the phishing scheme, the Personnel Cabinet worked with the Commonwealth Office of Technology (COT), the FBI, and the Kentucky State Police to address the breach.
The state says the breach was discovered prior to any financial impact to the affected employees and no funds were diverted from the employees to an unauthorized banking institution.
The Personnel Cabinet and COT say it takes these threats very seriously and employ technologies to help reduce such risks.
The state says employees should remain vigilant for incidents of fraud and identity theft, including reviewing account statements and monitoring free credit reports.
The Commonwealth says it will continue to implement the strictest security safeguards and encourage employee awareness on such matters.