LOUISVILLE, Ky. (WDRB) -- A letter has been sent to Kentucky government employees warning against giving out any sensitive or security-related information to anyone due to possible "threats to state government resources," WDRB has learned. 

In a copy of the letter obtained by WDRB, the Commonwealth Office of Technology says "the threats are believed to be credible," and warns against what it terms "social engineering."

The letter describes people who might be calling or emailing government employees in an effort to obtain sensitive information and warns employees against giving out security any information over the phone or in an email. 

A copy of the letter is posted below:

COT Office of the CISO has received information concerning threats to state government resources based on current events related to Middle Eastern conflicts and Syrian refugees.  The threats are believed to be credible.  Based on this information, state staff are to be cautious and aware of social engineering attacks.  A social engineering attack is a method hackers use to trick people into breaking normal security procedures.  This can be done through phone calls or emails directly attempting to adversely affect government services or gain confidential information.

Under no circumstances should state staff give information about employees, high-ranking officials, or our internal systems, including their credentials, to a caller or by email without a thorough verification that the source is legitimate.  

Staff, including senior executives, are encouraged to use strong, complex and unique passwords for all personal and work accounts.  Other authentication recommendations include using a different password for each account, and changing passwords often.  

NOTICE: COT is providing this information so that you are aware of the latest security threats, vulnerabilities, etc.  If you need to report an incident or breach of security resulting from the threat or vulnerability in this alert, contact the Commonwealth Service Desk by email or call 502-564-7576 so that a ticket can be generated for the appropriate COT technical staff.  

Office of the CISO

Commonwealth Office of Technology

100 Airport Rd.

Frankfort, KY  40601

Technology-enabled Business Solutions for 21st Century Government