Chair of the U.S. Securities and Exchange Commission (SEC), Gary Gensler, has recently addressed lawmakers concerning a breach of the SEC’s X account. The breach occurred on January 9th when an unknown actor performed a SIM swap attack on the SEC’s X account. As a result of this breach, a false message was published claiming that the SEC had approved several spot Bitcoin ETFs. It is important to note that while the SEC did approve those funds on January 10th, the initial message was inauthentic.
Gary Gensler emphasized in his letter to lawmakers that the SEC takes its cybersecurity obligations seriously. He assured them that the SEC’s Office of Legislative and Intergovernmental Affairs conducted a briefing on January 17th to address the questions raised in the letter from House members Patrick McHenry, Bill Huizenga, French Hill, and Ann Wagner. These members had previously requested the SEC to adhere to the security disclosure standards it imposes on companies. Gensler’s response shows that the SEC met the January 17th deadline set by the House members by providing the briefing.
In addition to the House members’ concerns, Senators Ron Wyden and Cynthia Lummis sent a letter on January 11th requesting the SEC to launch an investigation into multi-factor authentication and phishing-resistant hardware tokens. They also urged the SEC to address any security gaps that may exist. However, as of February 12th, no response to this matter has been reported. It remains unclear if the SEC will take further action based on the senators’ request.
Within his letter, Gensler provided an update on the ongoing investigations. Law enforcement is currently looking into how the attacker managed to persuade the carrier service to change the SIM associated with the SEC’s X account and how they obtained the phone number linked to the account. Gensler’s confirmation regarding the compromise of the SEC’s X account on January 9th was the first public acknowledgment of the breach. He released a detailed statement on the incident on January 12th. Although the letter to lawmakers was dated February 6th, it gained attention on February 8th when Politico publicized its contents.
The response from SEC Chair Gary Gensler to lawmakers regarding the breach of the SEC’s X account sheds light on the seriousness with which the SEC treats cybersecurity. While the false message published during the breach caused initial confusion, it is evident that the SEC took appropriate action and provided a briefing to address concerns raised by House members. However, unanswered calls for action from senators regarding additional security measures leave room for further scrutiny. As investigations into the breach continue, it is crucial for the SEC to remain vigilant and prioritize the protection of its systems and information.