Morgan Stanley Probe Said to Examine Whether Adviser Got Hacked

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://bloomberg.finanza.repubblica.it/Notizie/Article?documentKey=1376-NJZWB36JIJV201-1BBAFPKA21CLHJJ43JEC3S3FBR

A U.S. probe into how Morgan Stanley client information ended up for sale
on the Internet is examining whether a financial adviser was targeted by
hackers after he took data from the bank, two people briefed on the inquiry
said.

While Galen Marsh was dismissed for obtaining information on as many as
350,000 wealth-management clients, his lawyer said last month that the
30-year-old financial adviser didn’t seek to sell or use it for personal
gain. Federal investigators are trying to determine whether his computer
was breached after he removed data from the firm, the people said. There’s
no evidence Morgan Stanley’s own computers were hacked, said one of the
people, who’s familiar with the company’s review.

“Right from the beginning, we have stated very clearly, that Mr. Marsh had
nothing to do with any information being posted on the Internet,” Marsh’s
lawyer, Robert C. Gottlieb of Gottlieb & Gordon LLP, said Wednesday in a
phone interview.

Morgan Stanley, owner of the world’s largest brokerage, has sought to
contain the fallout since learning in December that someone had posted
information about 900 customers on the website Pastebin and asked potential
buyers to pay for more with a virtual currency. The firm said last month
that it had the data promptly removed from public view and that it notified
law enforcement.

No Fraud

Some client data has appeared online again since Marsh was dismissed,
prompting Morgan Stanley to have it taken down, said the people, who asked
not to be identified because the probe isn’t public. No customers have
reported fraud from the theft of the data, which included names and account
numbers but not Social Security numbers, passwords or bank information, one
of the people said. Morgan Stanley has begun changing account numbers as a
precaution, the person said.

Jim Margolin, a spokesman for Manhattan U.S. Attorney Preet Bharara,
declined to comment. The Wall Street Journal reported earlier Wednesday
that the U.S. is examining whether Marsh’s computer was hacked.

Marsh joined Morgan Stanley in 2008 as a sales assistant and was promoted
to financial adviser last year. He previously worked at Bear Stearns Cos.,
according to Financial Industry Regulatory Authority records.

He acknowledged that he shouldn’t have obtained the account information and
has been cooperating with Morgan Stanley to protect the firm and clients,
Gottlieb said last month.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!