Following a cybersecurity breach that saw the official X (formerly Twitter) account of the US Securities and Exchange Commission (SEC) compromised, bipartisan lawmakers have begun urging the regulatory body to conduct a thorough review of its cybersecurity preparedness.
The breach occurred earlier this week when an unidentified individual gained unauthorised access to the SEC’s X account and posted a false message announcing the approval of exchange-traded funds (ETFs) for Bitcoin.
The misleading tweet, which claimed the SEC had greenlit the first U.S.-listed ETFs tracking Bitcoin, triggered a temporary surge in the cryptocurrency’s price to around $48,000. However, the market quickly corrected itself, with Bitcoin prices dropping to below $45,000 within minutes. While the SEC did eventually approve the Bitcoin ETFs on Wednesday, the unauthorised post has raised concerns about the agency’s cybersecurity practices.
Senators Ron Wyden (D-Oregon) and Cynthia Lummis (R-Wyoming) penned a joint letter to the SEC on Thursday, expressing their concerns and calling for a comprehensive investigation into what they deemed the “SEC’s apparent failure to follow cybersecurity best practices.” The senators highlighted the agency’s reliance on outdated security measures, particularly the absence of multi-factor authentication (MFA) at the time of the breach.
The letter noted the critical importance of MFA, a two-step authentication process that typically involves entering a password and a security code sent via email or text message. The senators specifically urged the SEC to assess the use of phishing-resistant MFA to identify and address any lingering security vulnerabilities.
X, owned by billionaire Elon Musk, confirmed the security breach, stating that the unauthorised individual gained control over a phone number associated with the SEC’s account. The agency admitted that two-factor authentication was not enabled during the incident, raising questions about the adequacy of its cybersecurity protocols.
The SEC, in response to the breach, previously announced its collaboration with law enforcement agencies to investigate the hack. As calls for a more in-depth examination of the SEC’s cybersecurity practices grow, the regulatory body is under increasing pressure to bolster its defences and prevent future incidents that could impact financial markets.