Heimdal
Home > Cybersecurity News

Morgan Stanley Sanctioned for Exposing Information of 15 Million Customers

Morgan Stanley Will Pay a $35M Fine for “Extensive Failures” in Protecting Customers’ Personal Information.

Last updated on September 23, 2022

article featured image

Contents:

On Tuesday, September 20, 2022, The Securities and Exchange Commission (SEC) revealed that Morgan Stanley financial services corporation will be sanctioned with a $35M fine.

Morgan Stanley Smith Barney, the wealth & asset management division of Morgan Stanley, was accused of “extensive failures” in protecting important data that led to the exposure of 15 million customers’ personal information over a period of five years.

Morgan Stanley did not admit or deny the charges but accepted to pay the penalty for violating the Safeguards and Disposal Rules under Regulation S-P.

What Happened

According to SEC, the financial corporation did not properly discharge old drivers and servers that contained important data. Since 2015 Morgan Stanley hired a moving and storage company to handle thousands of devices.

However, the hired company had no expertise or experience in data destruction, and even sold thousands of Morgan Stanley devices to a third-party, including ones containing customer information. The devices were then resold on an auction website without the customer data getting removed.

The company attempted to get the devices back, but a vast majority of them could not be recovered.

Source

SEC also pointed to 42 missing servers, all of which could have contained unencrypted confidential material. The devices went missing after Morgan Stanley decommissioned the local office and branch servers.

Not the First Cybersecurity Incident

This is not the first cybersecurity incident for Morgan Stanley.

In 2016 the company paid a $1 million penalty for not properly protecting the information of its clients. At that time an employee copied sensitive data of approximately 730,000 clients to a personal server that later was breached.

In 2021 Morgan Stanley was the victim of the Accellion hack, again the personal information of clients was exposed. The hack affected many large businesses and the financial corporation was compromised through a third-party vendor.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Related Articles

Social Engineering Attacks Target Morgan Stanley Client AccountsInvestment Bank Morgan Stanley Discloses Data BreachAccellion Data Breach Impacts NSW Health

Leave a Reply

Your email address will not be published. Required fields are marked *

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE
linkedin
youtube
facebook
x

resources

company

newsletter

© 2024 Heimdal®

Vat No. 35802495, Vester Farimagsgade 1, 2 Sal, 1606 København V