On Tuesday, January 9, 2024, the SEC’s @SECGov X account was compromised. SEC staff are coordinating with appropriate law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, amongst others, in their investigations into the unauthorized activity.

The agency will provide updates on the incident as appropriate on this page.
 

 *   *   *

• January 22, 2024: Statement by an SEC Spokesperson to the Media
• January 12, 2024: Statement by Chair Gary Gensler on Unauthorized Access to the SEC’s @SECGov X.com Account
• January 10, 2024: Statement by an SEC Spokesperson to the Media
• January 9, 2024: Statement by an SEC Spokesperson to the Media
• January 9, 2024: Statement by an SEC Spokesperson to the Media
   

 *   *   *

January 22, 2024: Statement by an SEC Spokesperson to the Media:
We are providing the following update on the January 9, 2024, unauthorized access and activity (the “incident”) on the @SECGov X account:

SEC staff are continuing to coordinate with several law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Commodity Futures Trading Commission, the Department of Justice, and the SEC’s own Division of Enforcement. 

Two days after the incident, in consultation with the SEC’s telecom carrier, the SEC determined that the unauthorized party obtained control of the SEC cell phone number associated with the account in an apparent “SIM swap” attack. SIM swapping is a technique used to transfer a person’s phone number to another device without authorization, allowing the unauthorized party to begin receiving voice and SMS communications associated with the number. Access to the phone number occurred via the telecom carrier, not via SEC systems. SEC staff have not identified any evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.

Once in control of the phone number, the unauthorized party reset the password for the @SECGov account. Among other things, law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account. 

While multi-factor authentication (MFA) had previously been enabled on the @SECGov X account, it was disabled by X Support, at the staff’s request, in July 2023 due to issues accessing the account. Once access was reestablished, MFA remained disabled until staff reenabled it after the account was compromised on January 9. MFA currently is enabled for all SEC social media accounts that offer it.

*   *   *

January 12, 2024: Statement by Chair Gary Gensler on Unauthorized Access to the SEC’s @SECGov X.com Account

Based on current information, staff understands that, shortly after 4:00 pm ET on Tuesday, January 9, 2024, an unauthorized party gained access to the @SECGov X.com account by obtaining control over the phone number associated with the account. The unauthorized party made one post at 4:11 pm ET purporting to announce the Commission’s approval of spot bitcoin exchange-traded funds, as well as a second post approximately two minutes later that said “$BTC.” The unauthorized party subsequently deleted the second post, but not the first. Using the @SECGov account, the unauthorized party also liked two posts by non-SEC accounts. While SEC staff is still assessing the scope of the incident, there is currently no evidence that the unauthorized party gained access to SEC systems, data, devices, or other social media accounts.

Upon becoming aware of the incident, staff in the Office of Public Affairs posted to the official @garygensler X.com account at 4:26 pm ET, alerting the public that the @SECGov account had been compromised, an unauthorized post was made, and the Commission had not approved the listing and trading of spot bitcoin exchange-traded products. Staff deleted the first unauthorized post on the @SECGov account, un-liked the two liked posts, and, at 4:42 pm ET, made a new post on the @SECGov account stating that the account had been compromised. Staff also reached out to X.com for assistance in terminating the unauthorized access to the @SECGov account. Based on information currently available, staff believe that the unauthorized access to the account was terminated between 4:40 pm ET and 5:30 pm ET.

The SEC takes its cybersecurity obligations seriously. Commission staff are still assessing the impacts of this incident on the agency, investors, and the marketplace but recognize that those impacts include concerns about the security of the SEC’s social media accounts. The staff also will continue to assess whether additional remedial measures are warranted.

Staff are coordinating with appropriate law enforcement and federal oversight entities, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, amongst others, in their investigations. The agency will provide updates on the incident as appropriate. Importantly, the Commission makes its actions public on the Commission’s website, http://www.sec.gov. The Commission does not use social media channels to make its actions public; social media posts only amplify announcements that are made on our website.
 

 *   *   *

January 10, 2024: Statement by an SEC Spokesperson to the Media:
We are providing the following update as it relates to the unauthorized access and activity on the @SECGov X.com account:

1. The SEC continues to investigate the matter and is coordinating with appropriate law enforcement entities, including the SEC’s Office of the Inspector General and the FBI.

2. The unauthorized content on the @SECGov account was not drafted or created by the SEC.

3. We will provide updates on the incident as appropriate.

4. Consistent with existing practice, any Commission action on exchange rule filings would be posted on the relevant section of the SEC’s website at https://www.sec.gov/ and then in the Federal Register. As always, that would be the first public indication of a Commission’s action.
    

 *   *   *

January 9, 2024: Statement by an SEC Spokesperson to the Media:
The SEC has determined that there was unauthorized access to and activity on the @SECGov x.com account by an unknown party for a brief period of time shortly after 4 pm ET. That unauthorized access has been terminated. The SEC will work with law enforcement and our partners across government to investigate the matter and determine appropriate next steps relating to both the unauthorized access and any related misconduct.
 

 *   *   *

January 9, 2024: Statement by an SEC Spokesperson to the Media:
The SEC's @SECGov X/Twitter account has been compromised. The unauthorized tweet regarding bitcoin ETFs was not made by the SEC or its staff.