Morgan Stanley was fined $6.5 million for disclosing information about clients!

23 November 2023. Author: Newsman

Free kick: Morgan Stanley and the crisis of client confidence

Morgan Stanley has agreed to a $6.5 million settlement over the insecure disposal of equipment containing unencrypted personal information.

The multinational investment bank and financial services company potentially exposed the personal information of millions of customers due to lax internal data security practices, according to the Florida Attorney General’s Office.

An investigation into the company found that it did not properly delete unencrypted personal information stored on decommissioned devices.

In particular, when trying to decommission thousands of hard drives containing confidential consumer information, Morgan Stanley hired a “moving company with no data destruction experience” and was unable to control its actions.

The moving company, the AG said, sold the computer equipment at online auctions without Morgan Stanley’s knowledge. Eventually, a downstream buyer found the data and contacted Morgan Stanley.

During another decommissioning process, the financial company discovered 42 missing servers that potentially contained unencrypted customer information. An investigation revealed that the issue was caused by a “manufacturer’s error in the encryption software.”

The investigation also found that the finance company failed to implement adequate supplier controls and asset inventories that could have prevented the data exposure.

As part of the settlement, in addition to paying $6.5 million to the states of Florida, Connecticut, Indiana, New Jersey, New York and Vermont, Morgan Stanley was required to improve the security of personal information.

The company was ordered to encrypt data both at rest and in transit, implement data collection, use, storage and deletion policies, implement tools to track equipment containing personal information, and maintain an information security program, an incident response plan and team, and supplier risk assessments.

That is why we say that cyber security must be taken very seriously!

This news is the result of a careless attitude to security, so draw your own conclusions!
