In response to a recent breach of the U.S. Securities and Exchange Commission’s (SEC) X account, Gary Gensler, chair of the SEC, has addressed lawmakers to assure them of the agency’s commitment to cybersecurity. The breach occurred on Jan. 9 through a SIM swap attack, leading to the publication of a false message about the approval of spot Bitcoin ETFs. Although the SEC did approve these funds on Jan. 10, the initial message was unauthorized and inauthentic.
SEC’s Response to Lawmakers
In a letter to House members Patrick McHenry, Bill Huizenga, French Hill, and Ann Wagner, Gensler reiterated the SEC’s dedication to cybersecurity. He informed them that a briefing was conducted on Jan. 17, addressing the incident and their concerns. This response met the deadline set by the lawmakers in their letter dated Jan. 10, in which they urged the SEC to adhere to the security disclosure standards it imposes on companies.
In a separate letter on Jan. 11, Senators Ron Wyden and Cynthia Lummis requested that the SEC initiate an investigation into multi-factor authentication and phishing-resistant hardware tokens. They also urged the agency to address and close any security gaps. While an update was expected on Feb. 12, the recent letter from Gensler did not address the senators’ concerns, and no further response has been reported.
Gensler’s letter provided details about the attack timeline that were previously known. He also offered an update on investigations into the breach. Law enforcement is currently investigating how the attacker was able to persuade the carrier service to change the SIM associated with the SEC’s X account. Additionally, they are looking into how the attacker identified the phone number associated with the account.
Gensler’s Public Statement and Undisclosed Letter
Gensler publicly confirmed the compromise of the SEC’s X account on Jan. 9, releasing a statement on Jan. 12. However, the recent letter to lawmakers, dated Feb. 6, remained undisclosed until it was publicized by Politico on Feb. 8. This letter, which emphasized the SEC’s commitment to cybersecurity, garnered attention from various sources today.
Gary Gensler’s response to lawmakers regarding the breach of the SEC’s X account showcases the agency’s dedication to cybersecurity. By addressing their concerns and conducting a briefing, the SEC demonstrated its willingness to engage with lawmakers and uphold the security disclosure standards it imposes on companies. As investigations into the attack continue, it is essential for the SEC to strengthen its systems and implement additional security measures to prevent future breaches.