Data security laxity makes Morgan Stanley pay $35 million SEC Penalty

Morgan Stanley, the world-renowned American firm that is into the business of financial investment, was slapped with a fine of $35 million by US SEC. And sources report that the penalty was pronounced by the US Securities and Exchange Commission for showing laxity in dealing with customer data.

Going deep into the details, it’s learned that the company disposed of some of the company servers and Hard Disk Drives (HDDS) operated in its server farms last year. And did not wipe the data before putting them for auction and selling them offline.

Estimates are in that information related to about 15 million clients were compromised in the incident as the sold HDDs contained information since 2015.

As soon as the incident was brought to light, the SEC reacted and began an inquiry and concluded that one unit of the financial services provider failed miserably in handling the data.

On the condition of anonymity, a source from the firm stated that the data mishandling was done because the IT department of the company handed over the recycling project to a new company that never had experience in data destruction.

SEC also learnt through its sources that the business never stored data of its customers in encrypted form and so the lost information might also now be accessible to people who might think to sell that data to marketing firms for additional monetary benefits.

For this reason and after confirmation, the SEC imposed a $35 million penalty on Morgan Stanley.


Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display