Morgan Stanley, the renowned financial institution, has recently reached an agreement to pay fines amounting to $6.5 million. These fines were imposed by state regulators due to two separate data-security incidents that put the personal information of millions of customers at risk.
Improper Handling of Customer Data
The first incident occurred when Morgan Stanley commissioned a moving company to dispose of a large number of hard drives and servers that contained valuable customer information. Unfortunately, some of these devices still retained client data and were subsequently sold at an auction. The bank became aware of this breach when a third-party buyer discovered the confidential data and promptly informed Morgan Stanley. New York Attorney General Letitia James, who announced the settlement, emphasized the importance of not auctioning off personal information without the individual’s knowledge.
Safeguarding Customer Data
To address these breaches and strengthen its data-security practices, Morgan Stanley has taken significant steps towards improvement. While the company had already made substantial changes following a similar incident in 2016 and an unrelated data-security event in 2019, the settlement requires Morgan Stanley to implement additional measures to ensure enhanced protection of customer data.
“No one should have their personal information auctioned off without their knowledge because a company failed to take basic steps to erase it before selling their old computers,” states Attorney General Letitia James. She emphasizes that companies both large and small must take their responsibility to safeguard customer data seriously. Failure to do so could prompt legal action from her office.
Morgan Stanley remains committed to rectifying these breaches and upholding its duty of protecting customer information. With the implementation of robust data-security practices, the financial institution aims to regain and retain the trust of its valued clientele.
Morgan Stanley Resolved Investigation into Security Incidents
A recent statement from Morgan Stanley confirms that the company has resolved an investigation related to security incidents that occurred several years ago. The impacted clients were duly notified about these matters.
Missing Servers and Potential Data Exposure
Regulatory Actions and Legal Settlements
In response to these security incidents, Morgan Stanley faced regulatory penalties. The Office of the Comptroller of the Currency fined the company $60 million in 2020. Furthermore, the financial institution agreed to pay a $60 million settlement for a class-action lawsuit linked to the two incidents. The Securities and Exchange Commission also reached a $35 million settlement with Morgan Stanley over the data-security incidents.
Enhanced Data-Security Measures
As part of the settlement with state attorneys general, Morgan Stanley has committed to several measures to enhance its data-security protocols. These include encrypting all personal information, adopting manual and automated procedures to monitor computer equipment, conducting risk assessments of vendors, and ensuring compliance with data-security requirements.
The attorneys general of Connecticut, Florida, Indiana, New Jersey, and Vermont joined in the settlement with Morgan Stanley.