Cyber Incident Victim: New Mexico Regulation and Licensing Department

In October 2022, the New Mexico Department of Information Technology’s Cybersecurity Office initiated an investigation into unauthorized access targeting information systems operated by the state’s Regulation and Licensing Department (RLD). The incident came to light on or around October 13, 2022, though the precise timeline of initial intrusion detection and the specific systems involved were not publicly disclosed. State authorities confirmed the Cybersecurity Office assumed primary responsibility for assessing the breach, coordinating with RLD to contain the incident. While technical details regarding the attack vector, duration of unauthorized access, and identity of threat actors remained under investigation, officials stated they had isolated and mitigated the unauthorized access. No immediate evidence suggested widespread compromise of other state agencies, though the full scope of impacted RLD systems or data repositories was not yet determined at the time of initial reporting.

The state’s investigation remained ongoing as of the initial disclosure, with no confirmation regarding whether sensitive data—such as personally identifiable information, licensing records, or internal communications—was accessed or exfiltrated. RLD, responsible for overseeing numerous professional and occupational licenses across New Mexico, did not release specifics about operational disruptions or potential service delays stemming from the incident. Authorities emphasized their confidence in the containment measures but refrained from detailing the technical methods used to isolate affected systems or prevent further unauthorized activity. No ransomware claims, extortion attempts, or public data leaks were immediately associated with the breach. The Cybersecurity Office continued its forensic examination to establish the intrusion’s origin, extent, and consequences while maintaining public assurances that mitigated risks no longer threatened ongoing operations.