Washington D.C. – In response to the reported hack of the U.S. Securities and Exchange Commission’s (SEC) official account on X, formerly known as Twitter, U.S. Senator Katie Britt (R-Ala.), a member of the Senate Committee on Banking, Housing, and Urban Affairs, released a statement expressing her concerns.
“Congress and the American people deserve answers regarding the recent hack of an SEC official account. Not only did this hack jeopardize sensitive information collected by the SEC, but the hackers created a significant market disruption by tweeting false information regarding the approval of spot Bitcoin ETFs. These types of cyber vulnerabilities are primary reasons why the SEC should halt its efforts to advance rulemakings that pose serious risks to Americans’ personal information. This incident further substantiates my concerns and should serve as a blaring wake-up call. The SEC needs to get serious about cybersecurity, including by withdrawing the Consolidated Audit Trail and cyber disclosure rules,” said Senator Britt.
The incident in question occurred on January 9th, 2024, when the SEC’s official X account announced the approval of Bitcoin exchange-traded funds (ETFs) to be listed on all registered U.S. securities exchanges. This announcement led to a sudden spike in the price of Bitcoin. However, the SEC later retracted the statement, citing a compromise of the Commission’s account. Less than 24 hours later, the SEC officially confirmed the approval for the listing of Bitcoin ETFs on U.S. securities exchanges.
Pe Senator Britt this turn of events resulted in market confusion, a significant swing in the value of Bitcoin, and a compromise of sensitive information collected by the SEC. The incident underscored the cybersecurity deficiencies at the agency, particularly during a time when the Commission is seeking to collect even more sensitive personal information from investors.
Senator Britt, along with Senator John Kennedy (R-La.), had previously sent a letter to the Government Accountability Office in October 2023, requesting an investigation into potential risks, constitutional issues, and privacy concerns raised by the SEC’s Consolidated Audit Trail (CAT). The CAT tracks trades across American markets, providing regulators access to an investor’s personally identifiable information and trade activity.
Senator Britt is also a cosponsor of the Protecting Investors’ Personally Identifiable Information Act, which aims to prohibit the SEC from requiring brokers to submit investors’ personally identifiable information to CAT.
In December 2023, the SEC finalized a new rule regarding cybersecurity disclosures, requiring businesses impacted by a cybersecurity breach to file detailed disclosures within four business days. Senator Britt expressed concerns about the rule, stating that it creates an onerous and inflexible reporting regime, making markets less safe by hindering firms’ ability to react to cyberattacks and events, and potentially opening the door to national security threats from bad actors.
