US Senator and Chairman of the Senate Finance Committee, Ron Wyden, has requested an official investigation into the recent hack of the X account of the US Securities and Exchange Commission (SEC). The letter is co-written by prominent crypto advocate Cynthia Lummis and will also seek to begin a probe into the SEC’s failure to employ the best cybersecurity measures to protect its digital presence.
SEC X Account Hack Draws Criticisms From US Senators
On January 9, the X account of the SEC made a surprise announcement confirming the approval of Bitcoin spot ETF trading in the US. This statement was quickly countered by the SEC’s Chairman Gary Gensler, who stated the commission’s X handle had been compromised and the ETF-related announcement was false.
Although the SEC eventually approved the Bitcoin spot ETF launch on January 10, unauthorized access to one of the commission’s social media platforms has drawn much concern from the general populace, with US Senators now seeking an explanation.
In a letter on January 11 to Honorable Deborah J. Jeffery, the Inspector General of the SEC, US Senators Ron Wyden and Cynthia Lummis demanded an investigation into the incident and the Commission’s negligence of its cybersecurity protocols. Meanwhile, US Senators JD Vance and Thom Tillis have also written to the Commission’s Boss, Gary Gensler, seeking a comprehensive explanation of the incident.
Lummis And Wyden Slam SEC On Poor Cybersecurity Practice
In the letter to the Inspector General of the SEC, Wyden and Lummis expressed their disappointment in the SEC’s internet security after an official statement by X revealed the hack occurred due to the non-implementation of multi-factor authentication (MFA) on the US regulator’s account.
X stated that the non-existence of an MFA allowed an unauthorized person to access the SEC’s X account by gaining control of a phone number associated with the said number. The US Senators stated that the SEC should have also employed the best security measures, implementing not just an MFA but a security keys protocol, which is highly recommended by industry experts.
They said that this act of negligence is inexcusable as it can result in possible market manipulation. A statement from the letter read:
The SEC’s failure to follow cybersecurity best practices is inexcusable, particularly given the agency’s new requirements for cybersecurity disclosure. Additionally, a hack resulting in the publication of material information for investors could have significant impacts on the stability of the financial system and trust in public markets, including potential market manipulation.
The US Senators have now urged Jeffery to open an investigation into this scanting incident as well as identify any existing bugs in your Commission’s cybersecurity protocol. The SEC Inspector General is expected to turn in a report by February 12, 2024.