US lawmakers urge SEC to fix cybersecurity after X account hack

U.S. lawmakers have urged the Securities and Exchange Commission (SEC) to review its cyber security preparedness after the financial regulator’s X account posted market material information earlier in the week due to a hack.

Someone briefly accessed its X, formerly called Twitter, account on Tuesday, the agency had confirmed, and posted a fake message saying it had approved exchange traded funds (ETF) for bitcoin.

The SEC eventually approved the first U.S.-listed ETFs to track bitcoin on Wednesday, but the unauthorized post a day earlier led to a rise in the price of Bitcoin to around $48,000 before falling to below $45,000 minutes later.

In a letter to the agency on Thursday, Ron Wyden, a Democratic senator from Oregon, and Cynthia Lummis, a Republican senator from Wyoming, sought an investigation into the incident, which they deemed as “SEC’s apparent failure to follow cybersecurity best practices”.X, which is owned by billionaire and Tesla boss Elon Musk, confirmed that hack. It said that an “unidentified individual” obtained control over a phone number associated with the agency’s account and that the SEC did not have two-factor authentication enabled at the time.

Two-factor authentication (MFA) is a two-pronged privacy tool which allows access to an Internet account only after the user has keyed in the password and a security key sent over on email or on the phone.

“We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed,” Wyden and Lumis said in their letter.

The SEC had earlier said it was working with law enforcement to investigate the hack.