DENVER, Colo. — The Colorado Division of Securities (DOS) a division of the Department of Regulatory Agencies (DORA), announced today that financial service registrants, particularly state-registered investment advisers and intrastate broker-dealers, should be aware of any impact that the breach of SolarWinds may have had on their firms and to report any such related issues to their primary securities regulator.
In Dec. 2020, the federal government reported that SolarWinds, a company that provides updating and monitoring software to numerous government agencies and private companies, was the victim of a breach that caused SolarWinds Orion software to transmit malware to many of its clients. SolarWinds’ product is an IT administration software that is widely used by companies and government agencies throughout the U.S. and abroad.
The FBI has issued a private industry notification (https://www.ic3.gov/Media/News/2020/201229.pdf) that describes the threat and provides guidance on how to address it. SolarWinds has also issued an advisory (https://www.solarwinds.com/securityadvisory) with recommendations for those who have been using the SolarWinds Orion software and have been affected by the breach.
The Division is issuing this alert to raise awareness among state registrants and to provide information and resources to those affected.
Any firm with known malicious versions of the SolarWinds Orion software should contact its primary regulator. State-registered investment advisers and intrastate broker-dealers in Colorado should contact the Division at 303-894-2320 or email us at dora_SecuritiesWebsite@state.co.us.