U.S. Senator Katie Britt: SEC Hack Shows Cyber Vulnerabilities
WASHINGTON, D.C., January 11, 2024 — U.S. Senator Katie Britt (R-Ala.), a member of the Senate Committee on Banking, Housing, and Urban Affairs, today released the following statement on the reported hack of the U.S. Securities and Exchange Commission’s (SEC) official account on X, formerly known as Twitter.
“Congress and the American people deserve answers regarding the recent hack of an SEC official account. Not only did this hack jeopardize sensitive information collected by the SEC, but the hackers created a significant market disruption by tweeting false information regarding the approval of spot Bitcoin ETFs. These types of cyber vulnerabilities are primary reasons why the SEC should halt its efforts to advance rulemakings that pose serious risks to Americans’ personal information. This incident further substantiates my concerns and should serve as a blaring wake-up call. The SEC needs to get serious about cybersecurity, including by withdrawing the Consolidated Audit Trail and cyber disclosure rules,” said Senator Britt.
Background:
On January 9th, 2024, the SEC’s official X account announced the approval of Bitcoin exchange-traded funds (ETFs) to be listed on all registered U.S. securities exchanges. This market-moving information immediately resulted in a spike in the price of Bitcoin. The SEC then retracted the announcement, stating the Commission’s account was compromised. Less than 24 hours later, the SEC proceeded to formally announce their approval for the listing of Bitcoin ETFs on U.S. securities exchanges. The incident created market confusion, led to a significant swing in the value of Bitcoin, and compromised sensitive information collected by the SEC. This type of intrusion spotlights the cybersecurity deficiencies at the agency during a time in which the Commission is seeking to collect even more sensitive personal information from investors.
In October 2023, Senator Britt and Senator John Kennedy (R-La.) sent a letter to the Government Accountability Office asking them to investigate the potential risks, constitutional issues, and privacy concerns raised by the SEC’s Consolidated Audit Trail (CAT), which tracks trades across American markets, giving regulators access to an investor’s personally identifiable information and trade activity.
Senator Britt is also a cosponsor of the Protecting Investors’ Personally Identifiable Information Act, which would prohibit the SEC from requiring brokers to submit investors’ personally identifiable information to CAT.
In December 2023, a new rule was finalized by the SEC regarding cybersecurity disclosures. This rule will require a business impacted by a cybersecurity breach to file exhaustive disclosures detailing all impacts to their business resulting from the breach within four business days. The cyber disclosure rule creates an onerous and inflexible reporting regime that fundamentally makes markets less, not more, safe by making it harder for firms to react to cyberattacks and events and opens the door to national security threats from bad actors.
###
