A bipartisan pair of senators is calling on the Securities and Exchange Commission (SEC) inspector general to open an investigation into the recent hacking of the agency's X (formerly known as Twitter) account.
In a letter Thursday, Sen. Ron Wyden (D-Ore.) and Sen. Cynthia Lummis (R-Wyo.) called out SEC Inspector General Deborah Jeffrey for “the SEC's clear failure to follow cybersecurity best practices. He called for an investigation to be launched into the matter.That letter is First reported by Axios on friday.
Mr. Wyden is chairman of the Senate Finance Committee, and Mr. Lummis is a member of the Senate Banking, Housing, and Urban Affairs Committee, which oversees the SEC.
The SEC revealed on Tuesday that the company's X account was hacked after it appeared to announce the approval of multiple Bitcoin investment funds. The false announcement came as the crypto industry awaited the agency's decision on more than a dozen similar funds.
The original post remained online for about 30 minutes before being removed and replaced with the SEC's disavowal. But the disruption caused by the hack sent Bitcoin's price soaring to nearly $48,000 before falling to less than $46,000 by Tuesday night.
“The @SECGov
Despite the false start, the SEC on Wednesday finally approved 11 exchange-traded funds (ETFs) to hold Bitcoin, marking the first time the agency has allowed trading of funds invested directly in crypto assets.
X said Wednesday that a “preliminary investigation” into the breach indicated it was “not due to a breach of X's systems, but rather due to an unidentified individual gaining control of the phone numbers associated with the SEC account.” He said it was found that.
The social media company also said the government agency did not have two-factor authentication enabled at the time of the hack.
“Given the clear potential for market manipulation, if Mr. It was,” he said.
The senators suggested that the SEC should have used multi-factor authentication and adopted phishing-resistant hardware tokens known as security keys.
Wyden and Lummis noted that starting in January 2022, systems hosted by government agencies will require security keys. They suggested that while not required for government agencies' social media accounts, “the guidance is clear” that such measures are necessary to protect against online attacks.
The senators cited a new rule requiring companies to disclose cybersecurity incidents within four business days, saying, “The SEC's failure to follow cybersecurity best practices is particularly relevant to the SEC's new requirements regarding cybersecurity disclosure. Considering this, it is inexcusable.”
“Furthermore, hacking that exposes information that is sensitive to investors could have a significant impact on the stability of the financial system and public market confidence, including the potential for market manipulation,” Wyden and Lummis. he added.
The call for a bipartisan investigation into the hack comes after several Republicans on the House Financial Services Committee on Wednesday demanded that SEC Chairman Gary Gensler explain the incident.
The group, which includes House Financial Services Committee Chairman Patrick McHenry (R.N.C.), said the revelation that two-factor authentication was not enabled on SEC accounts was “unacceptable.”
“Given yesterday's tweets, we expect the SEC to adhere to the same requirements imposed on companies across the country,” they wrote in a letter Wednesday. “All market participants are entitled to transparency from you and your agents.”
Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
