SEC Takes Cybersecurity “Seriously,” Gensler Says in New Letter

cryptonews.com:

United States and Securities Exchange (SEC) Chair Gary Gensler claimed the federal agency takes its “cybersecurity obligations seriously” in a February 6 letter following last month’s SIM swap attack.

The letter was drafted as a response to House Republicans who previously scrutinized Gensler’s handling of a SIM swap attack that caused a fraudulent post on the SEC’s X account regarding the status of spot Bitcoin ETF approvals early last month.

In the letter, Gensler listed a complete timeline of the SIM swap attack while assuring that “the SEC takes its cybersecurity operations seriously.”

“Among other things, law enforcement is currently investigating how the unauthorized party got the carrier to change the SIM for the account and how the party knew which phone number was associated with the account,” the SEC Chair wrote. “SEC staff continue to assess the scope of the incident and coordinate with all of our law enforcement partners.”

The SEC has yet to be able to identify the unauthorized party behind the attack, however.

We can confirm that the account @SECGov was compromised and we have completed a preliminary investigation. Based on our investigation, the compromise was not due to any breach of X’s systems, but rather due to an unidentified individual obtaining control over a phone number…

— Safety (@Safety) January 10, 2024

House Republicans’ original letter, signed by Congressmen Patrick McHenry (NC-10), Bill Huezing (MI-04), French Hill (AR-02), and Ann Wagner (MO-02) heavily criticized Gensler for his irresponsibility.

“According to X’s preliminary investigation, the SEC account did not have two-factor authentication enabled, and an unidentified individual obtained control of a phone number associated with the SEC’s