Congress has been reassured by U.S. Securities and Exchange Commission (SEC) Chairman Gary Gensler that the securities regulator “takes its cybersecurity obligations seriously.” Following the SEC’s account being hacked on social media site X, where a post erroneously declared that spot bitcoin exchange-traded funds (ETFs) were approved, lawmakers voiced concerns.
Gensler: SEC Is Serious About Its Cybersecurity Duties
In response to a letter from Representatives Patrick McHenry, Bill Huizenga, French Hill, and Ann Wagner on Tuesday concerning the recent unapproved access to the SEC’s account on social networking site X, Gary Gensler, the chairman of the U.S. Securities and Exchange Commission (SEC), responded.
On January 9, a bogus notification regarding the approval of spot bitcoin exchange-traded funds (ETFs) was released following a breach of the SEC’s @SECGov account. But at the time, the regulator had not given any such consent. It was subsequently disclosed by the SEC to be a SIM swap attack. Gensler revealed to lawmakers:
Staff members of the SEC proactively contacted and initiated communication with relevant law enforcement and federal oversight organizations.
The chair of the SEC made it clear that the securities watchdog is conducting an investigation into the incident in collaboration with the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI), the Commodity Futures Trading Commission (CFTC), the Department of Homeland Security (DHS), and its own Division of Enforcement and Office of Inspector General.
Gensler gave the lawmakers additional assurances, saying, “SEC staff continues to coordinate with all of our law enforcement partners and assess the scope of the incident.” Currently under investigation by law authorities are, among other things, how the uninvited party was able to get the carrier to switch the SIM for the account and how they found out which phone number was linked to the account. Thus far, SEC employees have not found any proof that the unapproved party obtained access to SEC devices, data, systems, or other social media accounts.
Gensler concluded his letter by saying:
The SEC takes its responsibility for cybersecurity very seriously, I can promise you.
How can Gary Gensler convince lawmakers in the United States that the SEC takes its cybersecurity responsibilities seriously? Tell us in the space provided for comments below.