Senators want to know why the SEC’s X account wasn’t secured with MFA
Finance Committee chair Ron Wyden called it “inexcusable” to not use additional protections.
Another lawmaker is pushing the Securities and Exchange Commission for more information about its security practices following the hack of its verified account on X. In a new letter to the agency’s Inspector general, Senator Ron Wyden, called for an investigation into “the SEC’s apparent failure to follow cybersecurity best practices.”
The letter, which was first reported by Axios, comes days after the SEC’s official X account was taken over in order to post a tweet claiming that spot bitcoin ETFs had been approved by the regulator. The rogue post temporarily juiced the price of bitcoin and forced SEC chair Gary Gensler to chime in from his X account that the approval had not, in fact, happened. (The SEC did approve 11 spot bitcoin ETFs a day later, with Gensler saying in a statement that “bitcoin is primarily a speculative, volatile asset that’s also used for illicit activity.”)
The incident has raised a number of questions about the SEC’s security practices after officials at X said the financial regulator had not been using multi-factor authentication to secure its account. In the letter, Wyden, who chairs the Senate’s finance committee, said it would be "inexcusable" for the agency to not use additional layers of security to lock down its social media accounts.
“Given the obvious potential for market manipulation, if X’s statement is correct, the SEC’s social media accounts should have been secured using industry best practices,” Wyden wrote. “Not only should the agency have enabled MFA, but it should have secured its accounts with phishing-resistant hardware tokens, commonly known as security keys, which are the gold standard for account cybersecurity. The SEC’s failure to follow cybersecurity best practices is inexcusable, particularly given the agency’s new requirements for cybersecurity disclosure”
Wyden isn’t the only lawmaker who has pushed the SEC for more details about the hack. Senators J. D. Vance and Thom Tillis sent a letter of their own, addressed to Gensler, immediately following the incident. They asked for a briefing about the agency’s security policies and investigation into the hack by January 23.
The SEC didn’t immediately respond to a request for comment. The agency said in an earlier statement that it was working with the FBI and the Inspector General to investigate the matter.