• Skip to main content
  • Skip to footer

Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

MENUMENU
  • Home
  • About Us
    • Sheri Donahue
    • Leo Haggerty
    • Careers
  • Services
    • Vulnerability and Threat Evaluation
    • Transformation Management
    • CISO Management Services
    • Incident Response Management
  • News
  • Blog
  • FAQs
  • Contact Us

commonsent / February 26, 2021

Kentucky Unemployment Insurance attacked for third time in less than a year

This week, the Kentucky Unemployment system was hit by a cyber attack – the third cyber incident in ten months. Ironically, there was very little media coverage which means that the media considers cyber attacks on KY state government as “old news”.

What is old are the antiquated systems that the state uses and they are becoming more vulnerable with time. 

Following the April 2020 data breach, the governor asked the inspector general at the transportation cabinet to “look at the breach to ensure the software is sufficiently secure”. This response not only was in itself “insufficient”, but it also allowed the continuation of the use of old and vulnerable systems which hold the personal and financial information of hundreds of thousands of Kentucky citizens.

Additionally, following the most recent attack in which the system was flooded by random login usernames, the state claimed that none of the login attempts were successful within hours of the attack. How can they know that definitively? It has been 3 months since the Solar Winds attack and the federal government is STILL uncovering infiltrations. The only way the state can know for sure that there were no infiltrations is to do a comprehensive network analysis. Has that been done? A comprehensive network analysis and system scan would have to be completed to be able to authoritatively state whether there is any malware, infiltration, or data theft. The next step would clearly be to educate the workforce on how to respond as well as implementing new policies to create a security-conscious culture. Lastly, updates to the system architecture and patching/replacing software to harden the systems is critically required.

The legislature must prioritize cyber security for the protection of the data of the citizens of the Commonwealth because the next time may be devastating, assuming it isn’t already too late.  

Filed Under: Blog

Footer

CONTACT US

COMMONWEALTH SENTINEL

1230 US Highway 127 S
Suite #5
Frankfort KY 40601
(502) 320-9885

EMAIL US

ABOUT US

Cyber security consulting for local governments, non-profit organizations, and small businesses facing the threats of the cyber world.  At Commonwealth Sentinel, we are passionate about helping people be cyber-safe!

FOLLOW US

  • Email
  • Facebook
  • LinkedIn
  • Phone
  • Twitter
  • YouTube

Copyright © 2023 Commonwealth Sentinel

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT