‘Amazing.’ Morgan Stanley hard drive containing sensitive customer data has been auctioned online

Morgan Stanley is fined 35 million dollars from the Securities and Exchange Commission about serious failures to protect the personally identifiable information of its customers.
Since at least 2015 Morgan Stanley failed to properly dispose of devices containing sensitive customer data, according to the agreement.

In an episode described by the SEC, Morgan Stanley hired a moving company – a company with “no experience or expertise” in data destruction – to decrypt thousands of hard drives and storage servers. customer data.

The moving company then sold thousands of Morgan Stanley devices, some of which contained personally identifiable information, to third parties, the SEC said.

Those devices were eventually resold on an internet auction site – without removing sensitive data, according to the agreement.

Morgan Stanley was able to recover some devices containing “thousands of pieces of unencrypted customer data,” the SEC said.

“The company failed to restore the majority of the devices,” according to the agreement.

“The failures in this case by Morgan Stanley are staggering,” said Gurbir Grewal, director of the SEC’s enforcement division. “If not properly protected, this sensitive information could fall into the wrong hands and have disastrous consequences for investors.”

In addition to hardcore servers and drivers, the SEC found that Morgan Stanley failed to protect customer data and properly handle consumer reporting information in other ways, including when the company closed its doors. local office doors and branch servers. The settlement said a Morgan Stanley review found 42 servers, all of which could potentially contain unencrypted data and consumer reporting information, were “missing”.

Morgan Stanley agreed to pay the fine without admitting or denying the findings of the settlement.

In a statement, Morgan Stanley said it was pleased it had resolved the issue and expressed confidence that no sensitive data was exploited.

“We have notified existing customers in advance of these issues, which occurred several years ago, and have not detected any unauthorized access to or misuse of information,” Morgan Stanley said in the statement. customer’s personal information”.

Source link


News 7D: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button