Based on current information, employees understand that shortly after 4:00 PM ET on Tuesday, January 9, 2024, an unauthorized party gained access to the @SECGov X.com account by taking control of the phone number associated with the account. The unauthorized party made one post at 4:11 PM ET claiming to announce the Commission’s approval of Bitcoin exchange-traded funds, as well as a second post approximately two minutes later that said “$BTC.” The unauthorized party then deleted the second post, but not the first. Using the @SECGov account, the unauthorized party also liked two posts from non-SEC accounts. While SEC staff is still assessing the scope of the incident, there is currently no evidence that the unauthorized party gained access to other SEC systems, data, devices, or social media accounts.
Upon learning of the incident, Public Affairs Office staff posted to the official @garygensler and trading exchange-traded products in Bitcoin. Staff deleted the first unauthorized post on the @SECGov account, liked two liked posts, and at 4:42 PM ET, made a new post on the @SECGov account indicating that the account had been hacked. Employees also reached out to X.com for assistance in ending unauthorized access to the SECGov account. Based on currently available information, employees believe that unauthorized access to the account was terminated between 4:40 PM ET and 5:30 PM ET.
The SEC takes its cybersecurity obligations seriously. Commission staff is still assessing the impacts of this incident on the agency, investors, and the market, but recognizes that these impacts include concerns about the security of the SEC’s social media accounts. Staff will also continue to evaluate whether additional remedial measures are warranted.
Staff are coordinating with appropriate federal law enforcement and oversight agencies, including the SEC’s Office of Inspector General, the Federal Bureau of Investigation, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, among others, in their investigations. The agency will provide updates on the incident as appropriate. Most importantly, the Committee publishes its work on the Committee’s website http://www.sec.gov. The committee does not use social media channels to advertise its work; Social media posts only amplify the advertising conducted on our site.