The official X account of the Securities and Exchange Commission (SEC) was hacked on 9th January, 2024. Two US Senators namely Thom Tillis and J.D. Vance have asked the head of the regulatory agency to submit a detailed report regarding the incident before next Monday.
The senators have also expressed concerns about the cybersecurity measures of the regulatory agency. The whips also termed the incident antithetical to their aim of protecting the investors against fraudulent incidents. The recent hack incident served to create confusion among investors.
On this account, the Senators have asked the agency to report the incident to Congress. The request is in accordance with cybersecurity disclosure regulations approved recently. The Senators have marked 23rd Jan as the final date for the Congress report.
The letter addressed to the SEC invoked the regulatory obligation to make a detailed cybersecurity report within four days of a breach incident with details about the impact on associated investors, businesses, and stakeholders. The letter asked if the false post was the result of a breached social media account and if was it possible for the agency to submit a report within four days.
SEC’s X Account Breach Spreads Misinformation Among Followers
As per the online speculation, the breached account of SEC posted an update on 9th January regarding the approval of spot Bitcoin ETF. The update sent a wave of excitement and enthusiasm among investors but SEC head Gensler shortly revealed that the X account of the agency was hacked and published an unauthorized post.
During this chaos, the market reacted in an arbitrary manner with various stakeholders questioning the agency regarding cybersecurity prevention measures.
Some users on social media noted that the SEC was not using two-factor verification method before the breach. Investigators at SEC revealed that the point of interception was not at the X platform but originated from a third-party phone number takeover that was associated with the @SECGov account.
On this account, various government officials such as Cynthia Lummis, Bill Hagerty, and Rep. Ann Wagner also seconded the opinions of other Congress members.
Senator Hagerty asked for a full disclosure regarding the incident while Senator Lummis talked about the risk associated with fraudulent announcements and demanded clarity regarding matters that can manipulate markets.
Hackers did not have Access to Internal Systems at the Agency
Gary Gensler, chairperson of SEC recently noted that the agency was investigating the hack incident. He revealed that investigators at the agency are looking into the full impact and scope of the matter. He confirmed that hackers did not access any internal systems of the agency such as data records, servers, devices, or other social media accounts.
The agency is also working alongside law enforcement agencies such as the Federal Bureau of Investigation, Department of Homeland Security, and Infrastructure Security Agency in addition to more. The agency contacted the administrators at X to get rid of the unauthorized access to their X account.
Gensler also clarified that the agency does not use social media accounts to post updates regarding any new developments. On 11th January, 2024 Senator Ron Wyden and Cynthia Lummis posted a letter to Axios for launching a probe into the cybersecurity practices of SEC. The letter was addressed to Inspector General Deborah Jeffery working at SEC.