Cybersecurity Incident

Notice of Security Incident

The City of Bardstown, Kentucky (“Bardstown”) is giving notice about a recent security incident that may have involved a very limited number of individuals’ personal information. Bardstown previously alerted the public soon after the incident happened in September 2022, and we have since provided frequent updates as available. We are providing this further update now to provide additional information.

In September 2022, Bardstown experienced a cybersecurity attack that caused disruption to certain portions of our information technology network. We immediately investigated and aggressively responded to this incident. Passwords were changed, the unauthorized access was blocked, and law enforcement was notified. Outside technical experts were also engaged to further investigate and evaluate the nature and scope of the incident. The City’s IT team is also working closely with these experts to remediate this event and to further harden the City’s defenses.

During the course of our investigation, the City recently learned of potential unauthorized access to certain portions of our IT environment. Specifically, it appears that unauthorized third part(ies) may have accessed or potentially exfiltrated a very limited number of archived files from our IT environment. Some of the impacted files may have contained the personal information of certain individuals who previously held utility accounts with the City of Bardstown, such as, potentially, name, address, and Bardstown utility account number. For some individuals, the personal information involved included a Social Security number, and these individuals are being provided complimentary credit monitoring and identity theft protection services as required by law. Our electronic payments system was not impacted by the incident.

In an abundance of caution, we are notifying the very limited number of individuals who were potentially affected by this incident via first class U.S. mail at their last known address. Persons potentially affected are encouraged to remain vigilant and monitor financial account statements and credit reports carefully and report any discrepancies to law enforcement. Additional guidance individuals can follow to protect themselves can be found at:

For more information about this incident and protective steps potentially affected persons may wish to take, individuals can call 877-642-8088 between the hours of 8:00 am and 5:00 pm, Eastern Time, Monday - Friday (excluding major U.S. holidays). We are fully committed to protecting personal information and sincerely apologize for any concern this incident may have caused.