$1 Million Penalty Paid by Morgan Stanley Over Privacy Breach

By Soham Samaddar - 09 Jun '16 11:38AM

In this day and age, privacy breach is a menace and it does not only affect individuals whose computers might be infected with malware but also huge corporations who have extensive security filters in place in order to protect their data. However, it takes a completely different turn when a bank suffers from such an attack and in the process, the private information of their clients gets into the wrong hands. That is exactly what happened with Morgan Stanley but it did not involve a malware attack by hachers but instead a rogue employee at the bank who stole personal information of more than 700,000 customers for three years starting from 2011.

In such a situation, the sole responsibility for the privacy breach rests with the bank and that was how the Security and Exchange Commission viewed the matter as Morgan Stanley paid up $1 million in penalties for the breach. A report on USA Today stated, "The Securities and Exchange Commission had issued an order finding that the investment bank failed to adopt adequate written policies and procedures to protect customer data. The SEC's action stemmed from incidents between 2011 and 2014 when an employee (since departed) accessed and transferred confidential data of about 730,000 customer accounts to his personal server.That server was subsequently hacked by a third party, resulting in some of the data being posted on the Net with offers to sell larger quantities"

The bank released a statement in which it stated,"[the bank]is pleased to settle this matter, which results from the theft by a former employee of certain limited client data that was reported in January, 2015. Following the discovery of the incident, Morgan Stanley promptly alerted law enforcement and regulators, and notified affected clients. Morgan Stanley worked quickly to protect affected clients by changing account numbers and offering credit monitoring and identity theft protection services, and has strengthened its mechanisms for safeguarding client data," the company statement continues. "No fraud against any client account was reported as a result of this incident."

Fun Stuff

The Next Read

Real Time Analytics