Senators Demand Clarity on SEC Cybersecurity After Twitter Account Breach
Two United States senators are calling on the United States Securities and Exchange Commission (SEC) to provide a report to Congress about the Jan. 9 breach of its X (formerly Twitter) account. In a same-day letter to SEC Chair Gary Gensler, Senators J.D. Vance and Thom Tillis described the incident as raising “serious concerns” about the commission’s internal cybersecurity procedures.
The letter also calls the breach “antithetical to the Commission’s tripartite mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.”
Senators Express Concern Over SEC Cybersecurity Post-Breach
Concerned about the recent hack, which they said introduced “widespread confusion,” the two senators have requested the SEC provide Congress with a report about the incident, referring to a recently finalized rulemaking regarding cybersecurity disclosures.
The letter sent on Jan. 9 sets a deadline for Jan. 23. It also reminded the SEC about the mandate that requires all businesses to disclose all impacts to the business within four days of a cybersecurity incident:
“If this ‘compromised’ social media post was indeed a result of a cybersecurity attack, would it be possible for the Commission (SEC) to provide Congress with a report on the breach within four business days? If not, please explain why.”
Incident Details and Reactions from Government Officials
The incident occurred on Jan. 9, when the SEC’s X account shared a false tweet suggesting spot Bitcoin exchange-traded funds (ETFs) had been approved in the United States. However, the excitement across the crypto community was short-lived after Gensler revealed that the SEC’s X account was compromised and was used to send out an unauthorized tweet.
While investors and markets reacted unpredictably amid the confusion, many pointed out the SEC’s lack of preparedness against cyberattacks and online threats. An internal investigation from X confirmed the SEC account was not using two-factor authentication at the time of the breach. The X report also added:
“Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”
Several top-ranking government officials, including Senators Cynthia Lummis and Bill Hagerty, as well as Representative Ann Wagner, echoed the sentiment of fellow members of Congress. While Hagerty demanded full disclosure about the incident, Lummis highlighted the risks associated with fraudulent announcements and asked for clarity on incidents that “can manipulate markets.”
Conclusion: The Urgency for Enhanced Cybersecurity Measures
In conclusion, the breach of the SEC’s Twitter account has not only raised questions about the SEC’s current cybersecurity measures but has also highlighted the broader implications of such incidents on market stability and investor trust. The swift response from Senators Vance and Tillis, along with other government officials, underscores the urgency for stronger cybersecurity protocols and transparent communication in the face of digital threats. As the deadline approaches for the SEC’s report, the incident serves as a critical reminder of the ongoing challenges in safeguarding digital platforms against unauthorized access and misinformation.