Morgan Stanley Agrees to Data Breach Settlement

American multinational investment bank and financial services company Morgan Stanley has agreed to pay $60m to settle a legal claim over data security.



A class-action lawsuit was filed against the company in July 2020 over two security breaches that compromised the personal data of approximately 15 million of its customers.



The suit alleges that Morgan Stanley failed to safeguard the personally identifiable information (PII) of its current and former clients. According to the plaintiffs, data center equipment decommissioned by Morgan Stanley in 2016 and 2019 was not wiped clean properly.



The plaintiffs allege that a software flaw meant that sensitive data stored on the old servers and other technology was visible in an unencrypted format to whoever purchased the decommissioned equipment. 



It is further alleged that some of the equipment went missing after it was decommissioned.



An investigation into the security incident was launched by the Office of the Comptroller of the Currency (OCC) after a vendor contacted Morgan Stanley in 2017 to inform the company that data belonging to its clients was accessible via the old technology. 



In July 2020, Morgan Stanley began notifying current and former clients who had been impacted by the data security incident. 



Three months later, the OCC issued Morgan Stanley with a consent order for the assessment of a $60m civil penalty.



The OCC 