A state agency that regulates public utilities in New Mexico was “hacked by an outside source,” Public Regulation Commission chief of staff Jason Montoya and the Governor’s Office said Tuesday.
Montoya said the commission’s preliminary findings indicate the source might have been a foreign country, although Nora Meyers Sackett, a spokeswoman for Gov. Michelle Lujan Grisham, said there is not yet any confirmation about who or what entity hacked into the PRC’s website, which has been down since Thursday.
The cyberbreach is under investigation by the New Mexico Department of Information Technology and a third-party contractor called RiskSense. Montoya said the commission believes the hack “could be related to a cyberattack.”
It’s unclear whether any confidential information was leaked.
Sackett said the Department of Information Technology “was immediately notified of the hack by the PRC and immediately began to quarantine it, address it and investigate it.”
The Department of Homeland Security and Emergency Management also was alerted, she said.
The state Economic Development Department’s website also was down for a short time Tuesday morning but came back online. A department spokesman said there was a problem with the website server that was resolved.
Sackett said the website was down due to routine server maintenance. It was unrelated to the PRC hack, she said.
Earlier this year, a data breach at Presbyterian Healthcare Services allowed unauthorized access to the of personal information of more than 180,000 patients and health plan members.
The May data breach allowed hackers access to names, dates of birth, Social Security numbers and other information.
The New Mexico Attorney General’s Office secured $2.3 million of a $175 million portion of a settlement stemming from a 2017 Equifax data breach that impacted more than 860,000 state residents.
Nationwide, millions of people had their personal information exposed after the Equifax leak.
The Attorney General’s Office has asked lawmakers this year for about $500,000 to create a new cybercrime and counterterrorism unit that would help law enforcement agencies across the state pinpoint threats.
In November, Attorney General Hector Balderas told a panel of lawmakers the state’s domestic terrorism and cybercrime laws are woefully outdated and need to be rewritten to give prosecutors and investigators more tools to deal with threats from mass shooters and protect against cyberattacks.