Based on current information, staff understands that, shortly after 4:00 pm ET on Tuesday, January 9, 2024, an unauthorized party gained access to the @SECGov X.com account by obtaining control over the phone number associated with the account. The unauthorized party made one post at 4:11 pm ET purporting to announce the Commission’s approval of spot bitcoin exchange-traded funds, as well as a second post approximately two minutes later that said “$BTC.”

The unauthorized party subsequently deleted the second post, but not the first. Using the @SECGov account, the unauthorized party also liked two posts by non-SEC accounts. While SEC staff is still assessing the scope of the incident, there is currently no evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.

Upon becoming aware of the incident, staff in the Office of Public Affairs posted to the official @garygensler X.com account at 4:26 pm ET, alerting the public that the @SECGov account had been compromised, an unauthorized post was made, and the Commission had not approved the listing and trading of spot bitcoin exchange-traded products. Staff deleted the first unauthorized post on the @SECGov account, un-liked the two liked posts, and, at 4:42 pm ET, made a new post on the @SECGov account stating that the account had been compromised. Staff also reached out to X.com for assistance in terminating the unauthorized access to the @SECGov account. Based on information currently available, staff believe that the unauthorized access to the account was terminated between 4:40 pm ET and 5:30 pm ET.

The SEC takes its cybersecurity obligations seriously. Commission staff are still assessing the impacts of this incident on the agency, investors, and the marketplace but recognize that those impacts include concerns about the security of the SEC’s social media accounts. The staff also will continue to assess whether additional remedial measures are warranted.

Staff are coordinating with appropriate law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, amongst others, in their investigations. The agency will provide updates on the incident as appropriate. Importantly, the Commission makes its actions public on the Commission’s website, http://www.sec.gov.

The Commission does not use social media channels to make its actions public; social media posts only amplify announcements that are made on our website.

Source: SEC