January 12, 2024

Wyden, Lummis Urge Investigation into Hack of SEC Social Media Account

Washington, D.C. – U.S. Senators Ron Wyden, D-Ore., and Cynthia Lummis, R-Wyo., urged the Inspector General of the U.S. Securities and Exchange Commission (SEC) to open an investigation into the recent hack of the SEC’s social media account and the SEC’s apparent failure to follow cybersecurity best practices, in a letter released today. 

On January 9, 2024, the SEC revealed that an unknown party had hacked its official account on the social media platform X, formerly known as Twitter. Later that day, X released a statement 

that the hack involved “an unidentified individual obtaining control over a phone number associated with the @SECGov account through a third party.” X also said that the SEC’s official account did not have multi-factor authentication (MFA) enabled at the time the account was compromised.

“The SEC’s failure to follow cybersecurity best practices is inexcusable, particularly given the agency’s new requirements for cybersecurity disclosure. Additionally, a hack resulting in the publication of material information for investors could have significant impacts on the stability of the financial system and trust in public markets, including potential market manipulation. We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed,” the senators wrote in a letter to SEC Inspector General Deborah J. Jeffrey.

The senators requested an update on the investigation no later than February 12, 2024. 

The text of the letter is here