The US Securities and Exchange Commission Addresses Security Incident
Gary Gensler, the chairman of the U.S. Securities and Exchange Commission (SEC), has responded to concerns raised by lawmakers regarding a security incident involving the SEC’s account on X.
Unauthorized SIM Swap Attack
An unauthorized individual executed a SIM swap attack on the SEC’s account on X, falsely announcing that the SEC had sanctioned several spot Bitcoin ETFs. Although the initial message was fake, the SEC did authorize those funds the following day.
Swift Response from Gensler
Gensler swiftly addressed the incident, reassuring lawmakers of the SEC’s commitment to cybersecurity. He emphasized the SEC’s dedication to stringent cybersecurity measures and arranged a briefing on Jan. 17 to address the incident and respond to inquiries from legislators.
Lawmakers’ Concerns
A group of House members had expressed concerns about the incident, urging the SEC to adhere to the same security disclosure standards it expects from regulated companies. They requested a detailed explanation by Jan. 17, which was met through the mentioned briefing.
Senators’ Calls for Enhanced Security Measures
Senators Ron Wyden and Cynthia Lummis engaged with the SEC, seeking an investigation into enhanced security measures such as multi-factor authentication and phishing-resistant hardware tokens. However, Gensler’s latest correspondence did not provide an update on these requests.
Ongoing Investigation
A report by Politico revealed that an ongoing investigation is being conducted into the SIM swap attack. The SEC is working to understand how the attacker accessed the phone number linked to its X account and bypassed security measures.
Critics’ Observations
Critics pointed out that the SEC’s X account lacked two-factor authentication at the time of the breach, a security feature that has since been enabled across all SEC social media platforms. The SEC is continuing its investigation and has found no evidence of further unauthorized access to its systems or data.