The Office of Inspector General issued a final report detailing the results of our special review of the loss of the former U.S. Securities and Exchange Commission (SEC) Chair Gary Gensler’s text messages. The report contains five recommendations that should further strengthen the SEC’s management of mobile devices and federal records.

WHY WE DID THIS REVIEW

Records are the foundation of open government, and electronic recordkeeping (including recordkeeping of text messages) helps ensure transparency, efficiency, and accountability. On January 17, 2024, the U.S. Securities and Exchange Commission (SEC or agency) Office of Information Technology (OIT) reported to us that, about four months earlier, the agency erased nearly a year’s worth of text messages sent and received by the then SEC Chair, Gary Gensler. We undertook this review to determine what happened and why, how the agency responded, and any implications for federal records management.

WHAT WE FOUND AND RECOMMENDED

OIT’s decisions and actions resulted in the inadvertent loss of text messages sent and received by Gensler between October 18, 2022, and September 6, 2023. Specifically, in August 2023 OIT implemented a poorly understood and automated policy that caused an enterprise wipe of Gensler’s government-issued mobile device. The device was erroneously thought to be inactive and no longer in use, and OIT had not backed up the device for nearly a year. In an effort to recover from the enterprise wipe, OIT hastily performed a factory reset, which deleted text messages stored on the device and the device’s operating system logs.

OIT’s response to this incident culminated in a contractor-produced after action report at an estimated cost of about $53,000. However, inadequacies in the report impacted its reliability and usefulness.

Furthermore, because OIT did not collect or maintain necessary log data, neither OIT, its contractor, nor we could determine why Gensler’s device stopped communicating with the SEC’s mobile device management system, which caused the device to appear inactive and led to the enterprise wipe. A series of additional OIT actions, deficiencies, and missed opportunities, including a lack of backups and procedures that failed to consider record retention requirements for Capstone officials (such as Gensler) exacerbated the situation and hindered the SEC’s response.

Although the SEC took steps to recover or recreate the deleted text messages, the agency was unable to collect or determine the entire universe, including some federal records. Since notifying our office, the SEC has disabled text messaging agencywide (with some exceptions), notified the National Archives and Records Administration in June 2025 of the lost records, and taken additional steps to back up Capstone officials’ records and data, among other actions. However, the loss of Gensler’s text messages may impact the SEC’s response to certain Freedom of Information Act requests.

While some matters we identified did not warrant recommendations, we are recommending specific actions to further strengthen the SEC’s management of mobile devices and federal records. These actions include updating or developing plans, policies, and procedures related to change management, Capstone officials’ devices, and the system used to manage mobile devices, among other topics.

Source: SEC

All the lecturing under the prior @SECGov leadership about data preservation. All the haranguing. All the self-righteousness. And then it turns out… pic.twitter.com/deSOTwOevQ

— paulgrewal.eth (@iampaulgrewal) September 4, 2025