Blog Detail

Data Breach Concerns: Morgan Stanley will Pay $35 Million to Resolve SEC Claims That it Mismanaged Client Data

According to the Securities and Exchange Commission, a Morgan Stanley affiliate has agreed to pay $35 million to resolve claims that it failed to protect personal information for millions of clients on many occasions.

According to the SEC, Morgan Stanley Smith Barney failed to preserve personal identifying information for 15 million consumers for five years. The company agreed to pay the penalties without acknowledging or contesting its findings.

Unable to dispose of sensitive information

According to the SEC, the organization neglected to appropriately dispose of devices carrying sensitive information beginning in 2015, including regularly contracting a moving and storage company with no required skills to decommission thousands of hard drives and servers. Those gadgets ultimately went to a third party and were auctioned off online, with the personal information intact and unencrypted. According to the regulator, just a percentage of the equipment was retrieved.

The SEC also stated that the business lost track of 42 servers storing personal information while conducting a hardware renewal program and that it neglected to activate available encryption software on those systems for years earlier.

The Failure of MSSB

“The MSSB’s failures in this case are astounding.” Customers entrust their private data to professionals in finance with the knowledge and assumption that it will be safeguarded, and MSSB fell severely short in doing so,” Gurbir Grewal, the SEC’s enforcement director, said in a press release.

A Morgan Stanley spokeswoman stated in a statement that the business was glad to rectify the issue and had previously warned influenced clients of the concerns. According to the company, no illegal access or abuse of private data has been found.

The original article is posted on Morgan Stanley to pay $35 million to settle SEC charges it mishandled customer data | Reuters