The Securities and Exchange Commission (SEC) experienced an embarrassing breach of security when its X (formerly Twitter) account was hacked. The perpetrators took the opportunity to announce the approval of Bitcoin ETFs one day before the SEC intended to announce it publicly.
In the following days, it was revealed that the SEC X account did not have two-factor identification enabled, which made the breach easier. The Commission has been criticized for its lack of appropriate security protocol, and Republicans on the House Financial Services Committee have demanded answers about the hack.
Yesterday, SEC Chairman Gary Gensler issued a statement on the hack. He shared that shortly after 4 PM on Tuesday, January 9, 2024, the account was compromised by someone who gained control over the phone number affiliated with the account.
Following an erroneous statement that Bitcoin exchange-traded funds had been approved as well as a second post approximately two minutes later that said “$BTC” the individual deleted the second post, but not the first.
Genser said there is currently no evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.
Gensler said the SEC takes its “cybersecurity obligations seriously,” and they continue to assess the impact as well as review possible issues with social media accounts.
Commission staff are still assessing the impacts of this incident on the agency, investors, and the marketplace but recognize that those impacts include concerns about the security of the SEC’s social media accounts. The staff also will continue to assess whether additional remedial measures are warranted.
He added that law enforcement has been engaged, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, amongst others, in their investigations.