US lawmakers urge SEC to fix cybersecurity after X account hack

Send a link to a friend  Share

[January 13, 2024]  (Reuters) - U.S. lawmakers have urged the Securities and Exchange Commission (SEC) to review its cyber security preparedness after the financial regulator's X account posted market material information earlier in the week due to a hack. 

The seal of the U.S. Securities and Exchange Commission (SEC) is seen at their headquarters in Washington, D.C., U.S., May 12, 2021. REUTERS/Andrew Kelly/File Photo

Someone briefly accessed its X, formerly called Twitter, account on Tuesday, the agency had confirmed, and posted a fake message saying it had approved exchange traded funds (ETF) for bitcoin.

The SEC eventually approved the first U.S.-listed ETFs to track bitcoin on Wednesday, but the unauthorized post a day earlier led to a rise in the price of Bitcoin to around $48,000 before falling to below $45,000 minutes later.

In a letter to the agency on Thursday, Ron Wyden, a Democratic senator from Oregon, and Cynthia Lummis, a Republican senator from Wyoming, sought an investigation into the incident, which they deemed as "SEC's apparent failure to follow cybersecurity best practices".X, which is owned by billionaire and Tesla boss Elon Musk, confirmed that hack. It said that an "unidentified individual" obtained control over a phone number associated with the agency's account and that the SEC did not have two-factor authentication enabled at the time.

Two-factor authentication (MFA) is a two-pronged privacy tool which allows access to an Internet account only after the user has keyed in the password and a security key sent over on email or on the phone.

"We urge you to investigate the agency's practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed," Wyden and Lumis said in their letter.

The SEC had earlier said it was working with law enforcement to investigate the hack.

(Reporting by Yuvraj Malik in Bengaluru; Editing by Krishna Chandra Eluri)

[© 2024 Thomson Reuters. All rights reserved.]

Copyright 2022 Reuters. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.  Thompson Reuters is solely responsible for this content.

 

 

Back to top