Senate Finance Committee Chairman Ron Wyden (D-Ore.) and Sen. Cynthia Lummis (R-Wyo.) earlier this week called for an investigation into what led the SEC’s X account to be compromised.
The two asked SEC Inspector General Deborah J. Jeffrey on Thursday to open an investigation into what happened and “the SEC’s apparent failure to follow cybersecurity best practices.” Axios first reported the news on Friday.
A fake post sent to the SEC’s hundreds of thousands of followers on Tuesday said the agency had granted approval for the listing of spot Bitcoin ETFs, which was not the case at the time. After that post on Tuesday, Chairman Gary Gensler quickly posted from his personal account that the SEC had not approved spot Bitcoin ETFs.
X confirmed in a post that the SEC’s X account was compromised as someone gained control of the phone numbers associated with that account. The platform’s security team pointed out that the SEC did not have two-factor authentication set up for the account when it was compromised.
If X’s statements are accurate, the SEC’s social media accounts should be kept secure using industry best practices, Wyden and Lummis said.
The senators said the agency “should have not only enabled MFA, but also secured the accounts with anti-phishing hardware tokens known as security keys, the standard for account cybersecurity.”
The SEC said it was working with the SEC Office of the Inspector General and the FBI to determine what went wrong, and a spokesperson previously said the agency would provide updates as appropriate.
Past warnings
“SEC executives have had ample warning about the dangers of poor cybersecurity practices in your office,” Wyden and Lummis said, citing several past reports.
In a report last December, the SEC’s Office of the Inspector General said “the SEC’s information security programs and practices are not effective,” and said the agency had made progress but other fixes were needed.
“Furthermore, if a hack reveals sensitive information for investors, it could have serious implications for the stability of the financial system and trust in public markets, including potential market manipulation,” Lummis and Wyden said. “We urge you to investigate your institution’s practices around the use of MFA, particularly anti-phishing MFA, to identify any remaining security gaps that need to be addressed.”
Wyden and Lummis said they want an update on the investigation and the SEC’s resolution by Feb. 12.
Other lawmakers have also sought answers from the SEC over the past few days. House Republicans requested briefings from the agency, and others criticized the SEC’s handling of the compromised posts.
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.