Two United States senators are calling on the United States Securities and Exchange Commission to provide a report to Congress about the Jan. 9 X account breach.
In a same-day letter to SEC Chair Gary Gensler, Senators J.D. Vance and Thom Tillis described the incident as raising “serious concerns” about the commission’s internal cybersecurity procedures.
It also called it “antithetical to the Commission’s tripart mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.”
Concerned about the recent hack, which they said introduced “widespread confusion,” — the two senators have requested the SEC provide Congress with a report about the incident, referring to a recently finalized rulemaking regarding cybersecurity disclosures.
With the letter sent on Jan. 9, this would put the proposed deadline on Jan. 15. The letter reminded the SEC about the mandate that requires all business to disclose all impacts to the business within four days of a cybersecurity incident, as it asked:
“If this "compromised” social media post was indeed a result of a cybersecurity attack, would it be possible for the Commission (SEC) to provide Congress with a report on the breach within four business days? If not, please explain why."
The incident came about on Jan. 9, when the SEC’s X account shared a false tweet suggesting spot Bitcoin (BTC) exchange-traded funds (ETFs) had been approved in the United States.
However, the excitement across the crypto community was short-lived after Gensler revealed that the SEC’s X account was compromised and was used to send out an unauthorized tweet.
The @SECGov twitter account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.
— Gary Gensler (@GaryGensler) January 9, 2024
While the investors and markets reacted unpredictably amid the confusion, many pointed out the SEC’s lack of preparedness against cyberattacks and online threats. An internal investigation from X confirmed the SEC account was not using two-factor authentication at the time of the breach. The X report also added:
“Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”
In the letter addressed to the SEC, the senators asked Gensler for a cybersecurity disclosure “detailing all impacts to their business within four business days of the said breach.” If SEC’s investigations confirm X’s investigations, the SEC has been requested to provide Congress with a full report within four days as well.
Just like the SEC would demand accountability from a public company if they made such a colossal market-moving mistake, Congress needs answers on what just happened. This is unacceptable. https://t.co/tWtLqHtqpu
— Senator Bill Hagerty (@SenatorHagerty) January 9, 2024
Hagerty echoed the sentiment of fellow Congressmen, as he demanded full disclosure on the incident.
Magazine: 6 Questions for 20-year-old Sellix founder Daniele Servadei
