Morgan Stanley has agreed to pay the fine and settle the US Securities and Exchange Commission allegations. According to the SEC, Morgan Stanley failed to secure the data of its clients during a five-year period starting from 2015 by improperly disposing of thousands of hard drives.
According to Bloomberg.com, the SEC highlighted that the moving and storage company hired by Morgan Stanley had no experience in data destruction and failed to properly monitor the company’s work. Some of the devices, which had thousands of pieces of unencrypted customer data, were recovered, but most of them are unaccounted for.
Some of these devices ended up on the online auction block without checking that the customer data they contained had been deleted. Overall, details of around 15 million clients were compromised.
Furthermore, according to the regulator, the brokerage also failed to properly dispose of customer and consumer report information during a server refresh programme. The SEC said that the unit didn’t activate any encryption programs that were available on the devices. The USD 35 million fine also reflects this mismanagement of client information.
Morgan Stanley issued a statement in which it revealed that it notified applicable clients of the issue. Moreover, the company has not detected any unauthorised access to, or misuse of, personal client information. Without admitting or denying the allegations, the US-based bank agreed to settle the case and pay the USD 35 million fine issued by the SEC.
In January 2022, Morgan Stanley has agreed to pay USD 60 million to settle a lawsuit by customers who said the bank exposed their personal data when it twice failed to retire some of its older information technology.
The brokerage was accused of having failed to decommission two wealth management data centres in 2016 before the unencrypted equipment, which still contained customer data, was resold to unauthorised third parties.
A preliminary settlement of the proposed class action on behalf of about 15 million customers was filed in Manhattan federal court. Customers would receive at least two years of fraud insurance coverage, and each could apply for reimbursement of up to USD 10,000 in out-of-pocket losses.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now