Senators want to know why the SEC’s X account wasn’t secured with MFA

Another lawmaker is pushing the Securities and Exchange Commission to learn more about its security practices after its verified account at X was hacked. new letter The agency’s inspector general, Sen. Ron Wyden, called for an investigation into “the SEC’s failure to follow cybersecurity best practices.”

The first letter AxiosIt comes days after the SEC’s official X report to post a tweet claiming that spot bitcoin ETFs have been approved by the regulator. The mischievous post temporarily drove down the price of bitcoin and prompted SEC Chairman Gary Gensler to say that the confirmation from X’s account did not actually happen. (The SEC approved an 11-spot bitcoin ETF with Gensler a day later in a statement “Bitcoin is a speculative, volatile asset used primarily for illegal activity.”)

The incident raised several questions about the SEC’s security practices after Company X officials said the financial regulator did not use multi-factor authentication to protect its account. In the letter, Wyden, who chairs the Senate finance committee, said there was “no excuse” for the agency’s failure to use additional layers of security to lock down social media accounts.

“Given the obvious potential for market manipulation, if X’s statement is correct, the SEC’s social media accounts should have been secured using industry best practices,” Wyden said. “Not only did the agency have to implement MFA, but it also had to secure its accounts with phishing-resistant hardware tokens known as security keys, the gold standard for cybersecurity. The SEC’s failure to follow cybersecurity best practices is inexcusable, especially given the agency’s new cybersecurity disclosure requirements.”

Wyden isn’t the only lawmaker pushing the SEC for more details about the hack. Sent by Senators JD Vance and Tom Tillis They were addressed to Gensler immediately after the incident. They asked for a briefing on the agency’s security policy and investigation into the hacking attack by January 23.

The SEC did not immediately respond to a request for comment. The agency said in an earlier statement that it was working with the FBI and the Inspector General to investigate the matter.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *