Bank Morgan Stanley fined $35 million for major data breach

The SEC has fined Morgan Stanley a $35 million fine. Two hard drives had appeared on an auction website, on which the data of 15 million customers were stored.

In a statement the SEC reports Tuesday Morgan Stanley has been mishandling customer data since 2015, especially when deleting that data. “Morgan Stanley has hired a moving and storage company multiple times, with no experience in destroying data, to dismantle thousands of hard drives and servers containing the data of millions of customers. In addition, the bank has been out of the moving company’s work for several years. duly checked,” reports the stock market watchdog.

The moving company sold the hard drives and servers to a third party, who then auctioned the devices online. These still contain customer data when they were sold, the SEC writes. Morgan Stanley has repossessed a number of devices, but the majority of the devices have not yet been recovered. Furthermore, the bank is said to have lost track of 42 servers, which contain unencrypted customer data, and have not enabled the encryption software on its local systems for years.

“Morgan Stanley’s failure in this case is astonishing. Customers entrust their personal information to financial professionals with the expectation that it will be protected, and the bank has failed miserably in this regard,” said Gurbir Grewal, director of the SEC’s enforcement division. “If this sensitive information is not properly protected, it could fall into the wrong hands.”