The state of Nevada has issued a statement on the cybersecurity hack that affected multiple U.S. government agencies, including the Treasury and Commerce departments. 

The attack, reported earlier in December, was part of a monthslong global cyberespionage campaign and involved SolarWinds Orion. 

It was confirmed that Nevada uses SolarWinds Orion products in the state enterprise environment and at several agencies. All of those systems were taken offline on December 14, following guidance from the federal Cybersecurity and Infrastructure Security Agency. 

The state says it continues to work with the federal government and private industry in response to the SolarWinds attack.

To date, there is no indication that any state systems or websites have been compromised and no known attacks targeted individuals.  The state says they reviewed communications traffic back through the beginning of the year and found no indication of compromise.

The state expects this will take a substantial amount of time to understand the full effects of the attack and continues to monitor its systems for any indication of compromise. 

"Even though there has been no known impact on state systems, we are taking this situation very seriously and want to notify the public about it so they can take appropriate steps to protect themselves and so they know how the state is responding," said Alan Cunningham, Chief Information Officer for the State of Nevada.   

The state released tips to protect their information and online identities, including: 

  • Keep security software current. Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats. 
  • Ensure you are using strong passwords (Lik3_thi$_1) for your digital accounts. 
  • Don’t use the same password for every site. At the very least, separate sensitive accounts (banking, utilities) from standard accounts (social media, entertainment). 
  • If a government site or business where you have an account is identified in a hack or breach, change your password immediately. 
  • If a site offers two-factor or multi-factor authentication, use it. This will provide additional protection to your account. 
  • Monitor your bank accounts for missing deposits or unexplained withdrawals. Most banks do this for you, but you know your finances better than they do. 
  • Be alert for scams, whether through email, texting, social media, or over the phone.

 

(Office of Governor Steve Sisolak and the Associated Press contributed to this report.)Â