Darkreading.com reported that “Senators from both parties called the Securities and Exchange Commission’s lack of MFA ‘inexcusable’ and demand investigation into the regulator’s cybersecurity lapse. … Following the Securities and Exchange Commission’s X account, formerly known as Twitter, compromise on Jan. 9, two Senators have issued a statement calling the hack ‘inexcusable’ and urging the Inspector General of the US Securities and Exchange Commission (SEC) to investigate the regulator’s failure to have basic multifactor authentication (MFA) protections in place.” The January 12, 2024 report entitled “SEC X Account Hack Draws Senate Outrage” (https://www.darkreading.com/cyberattacks-data-breaches/sec-x-account-crypto-hack-draws-senate-ire-) included these comments from Senators Ron Wyden (D-Ore.) and Cynthia Lummis (R-Wyo.):

Additionally, a hack resulting in the publication of material information for investors could have significant impacts on the stability of the financial system and trust in public markets, including potential market manipulation,…

We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed.

Unfortunately, I’m sure no one is surprised by the lack of MFA!

First published at https://www.vogelitlaw.com/blog/anyone-surprised-the-senate-is-outraged-over-the-sec-x-account-hack-based-on-lack-of-mfa