2 min read

Morgan Stanley Receives $60 Million Fine for Improper Handling of Customer Data

Alina BÎZGĂ

October 13, 2020

Morgan Stanley Receives $60 Million Fine for Improper Handling of Customer Data

Morgan Stanley investment bank must pay a whopping $60 million fine for failing to properly decommission multiple business data centers that stored sensitive customer information, the Office of the Comptroller of the Currency (OCC) announced earlier this month.

According to a civil penalty consent order, the oversights in handling the retirement of the data centers began in 2016. However, similar shortcomings were observed in 2019, when the bank failed to properly dispose of customer data stored on computer servers at a local branch.

“In 2016, the Bank failed to exercise proper oversight of the decommissioning of two Wealth Management business data centers located in the US,” The OCC said.

“In connection with the decommissioning, the Bank, among other things, failed to effectively assess or address the risks associated with the decommissioning of its hardware; failed to adequately assess the risk of using third-party vendors, including subcontractors; and failed to maintain an appropriate inventory of customer data stored on the devices. The Bank failed to exercise adequate due diligence in selecting the third party vendor engaged by Morgan Stanley and failed to adequately monitor the vendor”s performance.”

A $5 million class-action lawsuit on behalf of about 100 customers was also filed against the bank earlier this year.

The lawsuit claims Morgan Stanley failed to secure and safeguard personal identifiable information on previously decommissioned company-owned equipment. Additionally, the bank doesn”t know the whereabouts of the retired equipment that stored unencrypted customer data, such as Social Security numbers, passport numbers, addresses, telephone numbers, email addresses, account numbers, dates of birth, income, asset value and holding information.

“Plaintiff brings this class action against Morgan Stanley for its failure to properly secure and safeguard personal identifiable information,” a class action complaint reads. “Plaintiff also alleges Defendant failed to provide timely, accurate, and adequate notice to Plaintiff and similarly situated Morgan Stanley current and former customers (“Class Members”) that their PII had been lost and precisely what types of information was unencrypted and in the possession of unknown third parties.”

Data breaches don”t necessarily stem from a malicious actor or intrusions on a company network. Although data mismanagement is often attributed to errors on the part of IT, employee behavior and carelessness of third-party vendors are as much to blame for exposing data.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

The UK Government Plans to Make Digital Identities Secure and Trusted Official Documents The UK Government Plans to Make Digital Identities Secure and Trusted Official Documents
Alina BÎZGĂ

July 21, 2021

1 min read
Dozens of Facebook Engineers Illegally Accessed Private User Data, New Book Says Dozens of Facebook Engineers Illegally Accessed Private User Data, New Book Says
Silviu STAHIE

July 15, 2021

1 min read
Are you a TikToker? Check Out These Eight Security Tips to Help You Minimize Your Digital Footprint and Stay Safe Online Are you a TikToker? Check Out These Eight Security Tips to Help You Minimize Your Digital Footprint and Stay Safe Online
Alina BÎZGĂ

July 14, 2021

5 min read