- SEC Chairman Gary Gensler, in a recent press release, addresses the unauthorized access to the SEC’s ‘@SECGov’ X account.
- Gensler provides reassurance by stating that there is no evidence suggesting the breach extended to SEC systems or data.
In a recent statement, Gary Gensler, Chairman of the United States Securities and Exchange Commission (SEC), responded to the unauthorized access to the SEC’s official X (formerly Twitter) account, @SECGov.
The incident involved an unauthorized party gaining access to the account by taking control of the associated phone number, echoing the techniques used in SIM-swapping attacks. These attacks can be countered with multi-factor authentication, which, ironically, Gensler himself recommended in a previous post.
The Office of Public Affairs staff successfully recovered the account later, removing the initial post by the malicious actor and reversing the “liked” status of previous posts.
At 4:42 pm on that same day, a new post from @SECGov acknowledged the compromise. Based on a request to X.com, it is inferred that the hacker lost access to the account between 4:40 pm ET and 5:30 pm ET.
Expressing the gravity of the situation, Gensler emphasized the SEC’s commitment to evaluating the breach’s impact on other agencies, crypto investors, and marketplaces.
The hack came around the time of the SEC’s landmark decision on spot Bitcoin ETF applications.
Despite the intruder’s actions, including liking posts by non-SEC accounts and making a cryptocurrency-related post, investigations have revealed no harm to SEC systems, data, devices, or other social media accounts.
Acknowledging the broader implications for the security of the SEC’s social media presence, Gensler stated that ongoing assessments will determine if additional remedial measures are necessary.
The hack has prompted a call for a comprehensive investigation into the agency’s cybersecurity practices, with Senators Ron Wyden and Cynthia Lummis advocating for an independent probe.
Collaborating with law enforcement and security agencies such as the Federal Bureau of Investigation (FBI) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the SEC is actively working to identify the responsible party and assess the full extent of the breach.
Gensler affirmed, “Commission staff are still assessing the impacts of this incident on the agency, investors, and the marketplace but recognize that those impacts include concerns about the security of the SEC’s social media accounts.”
As the investigation unfolds, the SEC urges continued vigilance and emphasizes the need for robust cybersecurity practices in the financial sector.