In a stunning turn of events, the SEC faced a major security breach on its official X account on Tuesday. A post falsely claimed that the regulator had greenlit the launch of the spot Bitcon ETF. However, Chairman Gary Gensler promptly clarified that no approval had been granted, and the misleading post, since deleted, was the work of an unauthorized user.
Stuart Alderoty, Chief Legal Officer at Ripple, responded to the incident, emphasizing that, per SEC rules, the nature and scope of the security breach, along with its impact on the market, must be disclosed within four days. He also attached a link to the SEC's rules on cybersecurity risk management and incident disclosure, underlining the importance of transparency in assessing, identifying and preventing such cybersecurity threats.
Alderoty's urgency stems from the SEC's own commitment to disclose material cybersecurity incidents promptly. The recently adopted rules, brought in by Gensler, require registrants to disclose any material cybersecurity incident and describe its nature, scope, timing and impact within four business days of determining its significance. Notably, disclosure may be delayed only if immediate disclosure poses a substantial risk to national security or public safety.
Back then, the SEC chairman, reflecting on the adoption of these rules, emphasized the need for consistent and comparable cybersecurity disclosure to benefit investors, companies and markets.
The focus now shifts to the SEC's response within the four-day deadline, as Ripple's chief lawyer sets the stage for a thorough explanation of the fake Bitcoin ETF approval incident that sent shockwaves through the crypto community.