SEC Issues Statement on Past Unauthorized Access to Its Twitter Account

• SEC Chair Gary Gensler addresses a recent cyber breach that created false announcements regarding BTC ETF approval.
• SEC staff mitigated the breach by deleting unauthorized posts and clarifying through @garygensler account.
• Gensler emphasizes commitment to cybersecurity, ongoing impact assessment, and collaboration with law enforcement.

In a statement released by U.S. Securities and Exchange Commission (SEC) Chair Gary Gensler, the agency addressed a recent cybersecurity incident involving unauthorized access to its official Twitter account, @SECGov. The breach occurred on Tuesday, January 9, 2024, when an unknown party gained control over the associated phone number. Notably, this statement confirms that the breach has since been terminated, and the SEC is actively investigating the incident.

Gary Gensler emphasized the temporary compromise of the @SECGov account and its subsequent misuse to disseminate misleading information. “Shortly after 4:00 pm ET on Tuesday, January 9, 2024, an unauthorized party gained access to the @SECGov X.com account by obtaining control over the phone number associated with the account,” the statement reads. Gensler clarified that, despite the breach, there is no evidence suggesting access to SEC systems, data, devices, or other social media accounts.

The unauthorized party leveraged the compromised account to make a false announcement regarding the Commission’s approval of spot bitcoin exchange-traded funds, causing momentary confusion in the cryptocurrency market. Gensler’s statement highlights the swift response from SEC staff, who, upon detecting the breach, promptly deleted the unauthorized posts, un-liked external tweets, and informed the public of the compromised status through Gensler’s official Twitter account, @garygensler.

“We take our cybersecurity obligations seriously,” Gensler asserted, acknowledging the ongoing assessment of the incident’s impacts on the SEC, investors, and the marketplace. The agency remains committed to transparency and is coordinating with relevant law enforcement and oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, among others.

The statement concluded by reiterating that the SEC’s official actions are communicated exclusively through its website (http://www.sec.gov), not through social media channels. Social media posts, including those from compromised accounts, only amplify announcements made on the official SEC website. As the investigation progresses, the SEC pledges to provide updates on the incident as deemed appropriate.