TLDR:
- Senators Ron Wyden and Cynthia Lummis have called for an investigation into the Securities and Exchange Commission’s (SEC) lack of basic multifactor authentication (MFA) following the hack of the SEC X account (formerly known as Twitter).
- The Senators argue that the hack, which resulted in the publication of material information, could have significant impacts on the stability of the financial system and trust in public markets.
- They specifically question why the SEC didn’t implement an alternative MFA process, such as a third-party authentication app or security key, after Twitter changed its policy to only offer text-based two-factor authentication to premium subscribers.
- The SEC’s failure to follow cybersecurity best practices is deemed inexcusable, especially given its new requirements for cybersecurity disclosure, according to the Senators.
Senators from both political parties have expressed outrage and called for an investigation into the hack of the Securities and Exchange Commission’s (SEC) X account, formerly known as Twitter. In a statement, Senators Ron Wyden and Cynthia Lummis described the SEC’s lack of multifactor authentication (MFA) protections as “inexcusable” and urged the agency’s Inspector General to look into the matter. They highlighted the potential impact of the hack on the stability of the financial system and trust in public markets.
The Senators specifically questioned the SEC’s failure to implement an alternative MFA process after Twitter changed its policy to only offer text-based two-factor authentication to premium subscribers. They suggested that the agency could have used a third-party authentication app or security key to enhance its cybersecurity measures.
The hack of the SEC X account, which was compromised by crypto hackers who manipulated the bitcoin market by putting out miscommunications, revealed the agency’s vulnerability to cyber threats. The Senators argued that not only should the SEC have enabled MFA, but it should have also used phishing-resistant hardware tokens like security keys. They criticized the agency for its poor cybersecurity practices and emphasized that the SEC’s failure to follow cybersecurity best practices is unacceptable, given its new requirements for cybersecurity disclosure.
Overall, the incident has sparked outrage among Senators, who are demanding a thorough investigation into the SEC’s cybersecurity practices. The hack underscores the importance of implementing strong cybersecurity measures, including MFA, to protect sensitive information and maintain trust in the financial system.