Shortly after 4:00 pm ET on that fateful Tuesday, an unauthorised party gained control over the phone number linked to the @SECGov X.com account. At 4:11 pm ET, the intruder posted a fraudulent announcement, claiming that the Commission had approved spot Bitcoin ETFs. This post was followed by a cryptic “$BTC” message, which was later deleted. Additionally, the unauthorised party liked two posts from non-SEC accounts.
Immediate Response
The @SECGov twitter account was compromised, and an unauthorized tweet was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.
The SEC’s swift and decisive response was crucial in mitigating the breach’s impact. At 4:26 pm ET, the Office of Public Affairs, headed by ChairGary Gensler, posted an official statement from his @garygensler X.com account. This statement clarified that the @SECGov account had been compromised and that no approval for spot Bitcoin ETFs had been granted. The first unauthorised post was promptly removed, and the two liked posts were un-liked.
The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products.
— U.S. Securities and Exchange Commission (@SECGov) January 9, 2024
By 4:42 pm ET, the SEC they issued another statement via the @SECGov account, confirming the account’s compromise. Collaborating with X.com, efforts to terminate the unauthorised access were successful between 4:40 pm ET and 5:30 pm ET. The SEC’s immediate and transparent response helped restore confidence and mitigate potential damage.
Cybersecurity and Ongoing Investigations
Transparency on X is of extreme importance.
Over the last couple of months, we started giving you more transparency on labels we may apply to your account that impact how X treats your content.
Our goal is to notify you every time a product label is applied to your account.…
In the wake of the breach, Chair Gary Gensler emphasised the SEC’s commitment to cybersecurity. Although there is no evidence of a violation of SEC systems, data, devices, or other social media accounts, the agency acknowledges the seriousness of the security concerns.
The SEC is working with law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, to investigate the incident thoroughly. These investigations aim to determine the breach’s origin and prevent future incidents.
It is worth noting that the SEC communicates its official actions exclusively through its website (http://www.sec.gov), not through social media channels. Social media is used solely to amplify announcements made on the official website, ensuring the integrity and authenticity of SEC communications.
Lawmakers’ Response
Fraudulent announcements, like the one that was made on the SEC’s social media, can manipulate markets. We need transparency on what happened.
The security breach has not gone unnoticed by lawmakers. Senators Ron Wyden and Cynthia Lummis have called for a comprehensive inquiry into the hack and the SEC’s cybersecurity practices. Their initiative demonstrates the seriousness with which cybersecurity breaches are regarded as policymakers seek to bolster the nation’s digital defences.
Conclusion
The SEC’s response to the recent cybersecurity breach is a testament to its dedication to maintaining the integrity of financial markets and safeguarding investors. While the incident may have caused momentary disruption, the agency’s transparency and swift action have helped restore confidence in its cybersecurity measures. As investigations continue, the SEC remains steadfast in its commitment to enhancing digital security and ensuring the authenticity of its communications. Maintaining the highest cybersecurity standards is paramount to safeguarding the financial world from cyber threats in an age where the digital landscape is constantly evolving.
