• Lawmakers demand SEC cybersecurity review post X-account hack.
• Unauthorized Bitcoin ETF post raises security concerns.
• Lawmakers stress immediate adoption of two-factor authentication by SEC.

U.S. lawmakers are urging the Securities and Exchange Commission (SEC) to undergo a comprehensive review of its cybersecurity preparedness after the agency’s X account, formerly known as Twitter, fell victim to a hack earlier in the week. The breach resulted in the unauthorized posting of market-moving information, prompting concerns about the SEC’s cybersecurity practices.

The incident occurred when an unidentified individual gained access to the SEC’s X account on Tuesday, posting a fake message that falsely claimed approval of exchange-traded funds (ETFs) for bitcoin. While the SEC ultimately approved the first U.S.-listed ETFs to track bitcoin on Wednesday, the earlier unauthorized post led to a temporary surge in Bitcoin’s price to around $48,000, followed by a quick drop to below $45,000.

In response to the breach, Democratic Senator Ron Wyden of Oregon and Republican Senator Cynthia Lummis of Wyoming penned a letter to the SEC on Thursday, calling for a thorough investigation into what they referred to as the “SEC’s apparent failure to follow cybersecurity best practices.” The letter highlights concerns about the SEC’s lack of two-factor authentication (2FA) at the time of the hack, emphasizing the need for enhanced security measures, particularly phishing-resistant 2FA.

X, owned by billionaire Elon Musk, confirmed the hack, revealing that the intruder had gained control over a phone number associated with the agency’s account. The absence of two-factor authentication during the incident raises questions about the SEC’s overall cybersecurity posture.

“We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed,” stated Wyden and Lummis in their letter. Two-factor authentication is a crucial security measure that requires users to input a password and a security key sent via email or text, providing an additional layer of protection against unauthorized access.

The SEC had previously announced its collaboration with law enforcement agencies to investigate the cyberattack. As lawmakers intensify their calls for a cybersecurity overhaul, the SEC faces mounting pressure to strengthen its defenses and safeguard against future breaches in the rapidly evolving landscape of financial technology.