BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Morgan Stanley Fires Employee Accused of Stealing Client Data

From: Richard Forno <rforno () infowarrior org>
Date: Mon, 5 Jan 2015 11:32:48 -0500
Morgan Stanley Fires Employee Accused of Stealing Client Data

By Michael J. Moore - Jan 5, 2015

http://www.bloomberg.com/news/print/2015-01-05/morgan-stanley-fires-employee-accused-of-stealing-client-data.html

Morgan Stanley (MS) fired an employee it said stole data, including account numbers, for as many as 350,000 
wealth-management clients and posted some of the information online.

The bank alerted law enforcement and found no evidence that clients lost any money, New York-based Morgan Stanley said 
today in a statement. The firm said it detected account information for about 900 clients on an external website and 
“promptly” had it removed.

“Morgan Stanley takes extremely seriously its responsibility to safeguard client data, and is working with the 
appropriate authorities to conduct and conclude a thorough investigation of this incident,” the company said in the 
statement.

Banks are spending more to protect client data as hacking attacks increase and technology makes dissemination and use 
of data potentially more widespread. Government agencies and regulators around the world are urging greater vigilance 
to counter cybercrime after an attack against JPMorgan Chase & Co. last year compromised personal information of about 
76 million households. 

Morgan Stanley didn’t name the fired employee. The bank said it’s notifying all potentially affected clients, which 
represent about 10 percent of its wealth-management customers, and enhancing security on those accounts.

The information didn’t include passwords or Social Security numbers, according to the statement. Bank account and 
credit-card data also weren’t compromised, according to a person briefed on the bank’s investigation who asked not to 
be named because the probe is ongoing.

Application Disabled

The bank’s inquiry found the employee may have been seeking to sell the stolen information, though there was no 
evidence any third party received it, according to the person. The firm has disabled the  application used to access 
the data, the person said.

In 2011, Morgan Stanley’s brokerage unit said unencrypted compact discs containing tax information for 34,000 clients 
were lost in transit to the New York State Department of Taxation and Finance. The firm said at the time it found no 
evidence the data was misused.

To contact the reporter on this story: Michael J. Moore in New York at mmoore55 () bloomberg net

To contact the editors responsible for this story: Peter Eichenbaum at peichenbaum () bloomberg net Steve Dickson, 
Steven Crabill


--
It's better to burn out than fade away.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!
Previous By Date Next
Previous By Thread Next

Current thread: