Two United States senators are calling on the United States Securities and Exchange Commission to provide a report to Congress about the Jan. 9 X account breach.
In a same-day letter to SEC Chair Gary Gensler, Senators J.D. Vance and Thom Tillis described the incident as raising “serious concerns” about the commission’s internal cybersecurity procedures.
It also called it “antithetical to the Commission’s tripart mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.”
Concerned about the recent hack, which they said introduced “widespread confusion,” — the two senators have requested the SEC provide Congress with a report about the incident, referring to a recently finalized rulemaking regarding cybersecurity disclosures.
With the letter sent on Jan. 9, this would put the proposed deadline on Jan. 15.
The incident came about on Jan. 9, when the SEC’s X account shared a false tweet suggesting spot Bitcoin (BTC) exchange-traded funds (ETFs) had been approved in the United States.
However, the excitement across the crypto community was short-lived after Gensler revealed that the SEC’s X account was compromised and was used to send out an unauthorized tweet.
The @SECGov twitter account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.
— Gary Gensler (@GaryGensler) January 9, 2024
While the investors and markets reacted unpredictably amid the confusion, many pointed out the SEC’s lack of preparedness against cyberattacks and online threats. An internal investigation from X confirmed the account was not using two-factor authentication at the time of the breach. The X report read:
“Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party. We can also confirm that the account did not have two-factor authentication enabled at the time the account was compromised.”
In the letter from Senator Vance and Senator Tillis, Gensler was asked to share details about the SEC’s timelines for Bitcoin ETFs ruling and its plans to remediate the issues linked to the fake approval tweet.
As shown above, the senators asked Gensler for a cybersecurity disclosure “detailing all impacts to their business within four business days of the said breach.” If SEC’s investigations confirm X’s investigations, the SEC has been requested to provide Congress with a full report within four days as well.
Just like the SEC would demand accountability from a public company if they made such a colossal market-moving mistake, Congress needs answers on what just happened. This is unacceptable. https://t.co/tWtLqHtqpu
— Senator Bill Hagerty (@SenatorHagerty) January 9, 2024
Hagerty echoed the sentiment of fellow Congressmen, as he demanded full disclosure on the incident.
Magazine: 6 Questions for 20-year-old Sellix founder Daniele Servadei