U.S. Securities and Exchange Commission Details

    U.S. Securities and Exchange Commission

    Washington, D.C. • 4500 employees • Governments

    https://www.sec.gov
    United States

    Industry

    Governments

    Security Incidents

    1

    The U.S. Securities and Exchange Commission (SEC) is a federal agency established to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation. Founded on June 6, 1934, during the aftermath of the 1929 Wall Street Crash, it was created through the Securities Exchange Act of 1934. The SEC was a part of the New Deal program initiated by President Franklin D. Roosevelt to restore investor confidence and reform financial practices by regulating securities markets.

    The SEC's primary responsibilities include enforcing federal securities laws to deter fraud, ...

    Security Incidents

    U.S. Securities and Exchange Commission Breach of Jan 2024
    Severity Score
    Significant to High

    Type

    3rd Party Compromise

    Summary

    On January 9, 2024, the U.S. Securities and Exchange Commission's (SEC) social media account on X (formerly Twitter) was compromised in a SIM swap attack orchestrated by Eric Council Jr., from Athens, Alabama, and his co-conspirators. Using stolen personal data and a forged identity, the attackers convinced a mobile carrier to reassign the phone number of an individual with access to the SEC's account to their own SIM card. This allowed them to bypass security measures like two-factor authentication and take control of the SEC's account.

    Once in control, they posted false information claiming...

    Severity

    The SIM swap attack that led to the unauthorized takeover of the U.S. Securities and Exchange Commission's X account was a notable incident in the realm of financial market manipulation. A fabricated announcement on the SEC's account regarding the approval of Bitcoin exchange-traded funds caused Bitcoin prices to spike by over $1,000, but the swift correction led to a precipitous drop of more than $2,000. The attackers used stolen personal information to trick a mobile carrier, highlighting the significant vulnerability to SIM swapping that allowed criminals to bypass security measures.

    The a...

    Impact

    The incident involving the U.S. Securities and Exchange Commission's X account was a SIM swap attack aimed at manipulating cryptocurrency markets. Eric Council Jr. and his associates gained unauthorized access to the SEC's X account in January 2024 by fraudulently obtaining control over a phone number linked to the account manager. Using a fake ID to carry out this attack, they falsely announced the approval of Bitcoin exchange-traded funds (ETFs), causing an artificial spike in Bitcoin's price by $1,000. When the SEC regained control and clarified the misinformation, Bitcoin's price fell by $...