Gary Gensler, the chair of the U.S. Securities and Exchange Commission (SEC), has recently responded to lawmakers regarding a breach of the SEC’s X account. In his letter to the lawmakers, Gensler acknowledged the seriousness of the breach and assured them that the SEC takes its cybersecurity obligations seriously.
Several House members, including Patrick McHenry, Bill Huizenga, French Hill, and Ann Wagner, wrote a letter to the SEC on January 10, urging the commission to hold itself to the same security disclosure standards it imposes on companies. In their letter, they emphasized the importance of protecting sensitive information and requested a response from the SEC by January 17.
Gensler’s letter, dated February 6, was a direct response to the lawmakers’ concerns. He informed them that the SEC’s Office of Legislative and Intergovernmental Affairs had arranged a briefing on January 17 to address the questions raised in their letter. This prompt response from the SEC suggests that they take the breach and lawmakers’ concerns seriously.
In addition to the House members’ letter, Senators Ron Wyden and Cynthia Lummis sent a separate letter on January 11, calling on the SEC to investigate multi-factor authentication and phishing-resistant hardware tokens for improved security. However, Gensler’s letter did not specifically address the senators’ request for an update on this matter, leaving the status of the investigation unknown.
In his letter, Gensler provided an update on the ongoing investigations into the breach. He mentioned that law enforcement is currently looking into how the attacker was able to change the SIM associated with the SEC’s X account and how they identified the phone number linked to the account. This information indicates that the SEC is actively working with law enforcement to identify the vulnerabilities and prevent future breaches.
Interestingly, Gensler’s letter to the lawmakers, which addressed their concerns and provided updates, went largely unnoticed until its recent publication by Politico on February 8. The fact that such an important communication from the SEC went unnoticed raises questions about the level of attention given to cybersecurity matters within the agency.
The SEC’s response to the breach of its X account demonstrated a commitment to addressing cybersecurity concerns raised by lawmakers. Gensler’s letter assured the lawmakers that the SEC takes cybersecurity seriously and is actively investigating the breach. However, the publication of the letter, which was previously unnoticed, highlights the need for better communication and transparency within the SEC regarding cybersecurity incidents.
Leave a Reply