- US senators have raised concerns about the SEC’s misleading X post and demanded a report on the “claimed” X breach from SEC Chair Gary Gensler, setting Monday as deadline.
Senators J.D. Vance and Thom Tillis raised concerns about the Commission’s internal cybersecurity procedures while demanding clarity on the incident.
Two United States senators are calling on the United States Securities and Exchange Commission (SEC) to provide a report to Congress about the Jan. 9 breach of its X (formerly Twitter) account.
In a same-day letter to SEC Chair Gary Gensler, Senators J.D. Vance and Thom Tillis described the incident as raising “serious concerns” about the commission’s internal cybersecurity procedures.
"It is unacceptable that the agency entrusted with regulating the epicenter of the world’s capital markets would make such a colossal error." pic.twitter.com/xG77jM9xAM
— Senator Vance Press Office (@SenVancePress) January 10, 2024
It also called it “antithetical to the Commission’s tripartite mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.”
Concerned about the recent hack, which they said introduced “widespread confusion,” the two senators have requested the SEC provide Congress with a report about the incident, referring to a recently finalized rulemaking regarding cybersecurity disclosures.
The letter sent on Jan. 9 sets a deadline for Jan. 23.
The letter also reminded the SEC about the mandate that requires all businesses to disclose all impacts to the business within four days of a cybersecurity incident:
“If this ‘compromised’ social media post was indeed a result of a cybersecurity attack, would it be possible for the Commission (SEC) to provide Congress with a report on the breach within four business days? If not, please explain why.”
The incident occurred on Jan. 9, when the SEC’s X account shared a false tweet suggesting spot Bitcoin exchange-traded funds (ETFs) had been approved in the United States.
However, the excitement across the crypto community was short-lived after Gensler revealed that the SEC’s X account was compromised and was used to send out an unauthorized tweet.
The @SECGov twitter account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.
— Gary Gensler (@GaryGensler) January 9, 2024
While the investors and markets reacted unpredictably amid the confusion, many pointed out the SEC’s lack of preparedness against cyberattacks and online threats.
An internal investigation from X confirmed the SEC account was not using two-factor authentication at the time of the breach. The X report also added:
“Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.”
Several top-ranking government officials, including Senators Cynthia Lummis and Bill Hagerty, as well as Representative Ann Wagner, echoed the sentiment of fellow members of Congress.
Just like the SEC would demand accountability from a public company if they made such a colossal market-moving mistake, Congress needs answers on what just happened. This is unacceptable. https://t.co/tWtLqHtqpu
— Senator Bill Hagerty (@SenatorHagerty) January 9, 2024
While Hagerty demanded full disclosure about the incident, Lummis highlighted the risks associated with fraudulent announcements and asked for clarity on incidents that “can manipulate markets.”