Gary Gensler, Chairman of the U.S. Securities and Exchange Commission (SEC), stated that there is "no evidence" indicating that the unauthorized party who breached the SEC X's (formerly Twitter) account on January 9 gained access to other systems, data, devices, or existing social media accounts. In response to the security breach, Gensler affirmed the SEC's commitment to taking the incident seriously and is currently evaluating the impact of the breach on other institutions, as well as its implications for cryptocurrency investors and markets.
Highlighting the significance of the security breach, Gensler acknowledged concerns regarding the safety of the agency's social media accounts. He emphasized that the SEC's staff will continue to assess whether additional remedial actions are necessary. The SEC is actively collaborating with law enforcement and security agencies, including the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, as part of the ongoing investigation into the incident.
Gensler's statement outlined that on January 9, an unauthorized party seized control of the official SECGov X account by exploiting its phone number at 4:11 PM ET. The intruder posted a message claiming that the SEC had approved spot Bitcoin Exchange Traded Funds (ETFs). The SEC promptly sought assistance from X, and unauthorized access was terminated between 4:40 PM and 5:30 PM ET. Additionally, Gensler stressed that the SEC will refrain from using X or any other social media platform to announce official developments.
Responding to the incident, Senators Ron Wyden and Cynthia Lummis issued a letter on January 11 urging SEC Inspector General Deborah Jeffrey to initiate an investigation into the commission's cybersecurity practices.
