SANTA FE — The Securities Division of the New Mexico Regulation and Licensing Department is reminding financial service registrants, particularly state-registered investment advisers and intrastate broker-dealers, to report any known issues or concerns related to the recent SolarWinds cybersecurity incident to their primary securities regulator.
“By utilizing trusted software updates, the bad actors took advantage of the normal and recommended best practice of keeping software up to date. Thousands of companies may have been exposed simply for doing the right thing,” Deputy Superintendent Linda Trujillo said.
In December 2020, the federal government has reported that SolarWinds, a vendor that provides
updating and monitoring software to numerous government agencies and private companies, was
the victim of a breach that caused SolarWinds Orion Network Management Products to transmit
malware to many of its clients, including federal, state and local governments, as well as other
private sector entities.
The U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency has
issued an alert that describes the threat and provides guidance on how to address it.
The alert is available here: https://www.cisa.gov/supply-chain-compromise.
The Securities Division is issuing this reminder to raise awareness among state registrants and to
provide information and resources to help those affected to recover quickly and protect their
clients and colleagues.
Any firm with a known breach or concerns should contact its primary regulator. State-registered
investment advisers and intrastate broker-dealers in New Mexico should contact the Securities
Division at 1.800.704.5533.
The New Mexico Regulation and Licensing Department regulates more than 500,000
individuals and businesses in 35 industries, professions and trades across the state. Its goal is to
assure that New Mexicans receive quality services from qualified individuals and businesses
while also ensuring fair and prompt administrative process.