Retirement Planning Social Security

Morgan Stanley Hit With $60M Fine Over Data Breaches

News October 09, 2020 at 01:35 PM
Share & Print

photo of Morgan Stanley signs in New York from Bloomberg Morgan Stanley's New York headquarters (Photo: Bloomberg)

The Office of the Comptroller of the Currency on Friday levied a $60 million civil money penalty against Morgan Stanley Bank, N.A., and Morgan Stanley Private Bank, N.A., for 2016 data breaches in two Wealth Management business data centers located in the U.S.

Morgan Stanley is embroiled in a class-action lawsuit over the two separate data breaches involving missing equipment that exposed clients' personal identifiable information — including Social Security and account numbers — to third parties.

The case, brought by a retirement account client and filed in the U.S. District Court for the Southern District of New York in late August, involves an unauthorized disclosure of clients' identity information to unknown third parties and not a breach of a computer system by a third party.

The OCC states that Morgan Stanley failed to exercise proper oversight of the 2016 decommissioning of the business data centers.

The OCC also found that Morgan Stanley failed to:

  • effectively assess or address risks associated with decommissioning its hardware;
  • adequately assess the risk of subcontracting the decommissioning work, including exercising adequate due diligence in selecting a vendor and monitoring its performance;
  • and maintain appropriate inventory of customer data stored on the decommissioned hardware devices.

In 2019, the banks experienced similar vendor management control deficiencies in connection with decommissioning other network devices that also stored customer data, the OCC states.

The OCC found the noted deficiencies constitute unsafe or unsound practices and resulted in noncompliance with 12 CFR Part 30, Appendix B, "Interagency Guidelines Establishing Information Security Standards."

A Morgan Stanley spokesperson said Friday in a statement: "As we previously disclosed in July, we have continuously monitored the situation and we do not believe that any of our clients' information has been accessed or misused. Moreover, we have instituted enhanced security procedures, including continuous fraud monitoring, and will continue to strengthen the controls that we have in place to protect our clients' information. Safeguarding our clients' information is of paramount importance."

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Bill to Curb Controversial Social Security Rules Passes House Tackling Seniors' Cost-of-Living Crisis with Shannon Benton Taxes, Tariffs and More: 5 Key Economic Stakes of the Election Across Party Lines, Protecting Social Security Is Top Priority: Survey Older Americans' Spending Growth Is No Longer Supercharged: BofA Musk Wants $2T Cut From the Budget. It'd Be Difficult

Resource Center

Can Systematic Risk Be Reduced? link

Guide

Can Systematic Risk Be Reduced?

The Business Model Playbook: Mastering Technology for Firm Success link

Playbook

The Business Model Playbook: Mastering Technology for Firm Success

Harnessing AI to Power Advisor-Client Relationships link

White Paper

Harnessing AI to Power Advisor-Client Relationships