Morgan Stanley to pay $6.5M for compromising clients' personal information
Morgan Stanley compromised the personal data of millions of customers when it decommissioned computers containing clients' information. Credit: EPA-EFE/Shutterstock/Justin Lane
New York Attorney General Letitia James and five other state attorneys general reached a multimillion dollar settlement with Morgan Stanley for compromising the personal data of millions of customers, including over 1 million New Yorkers, when it decommissioned computers containing clients' information.
Morgan Stanley Smith Barney LLC will pay $6.5 million to the six attorneys general, and the financial services firm must strengthen its data security measures. New York is to receive about $1.66 million, James announced Thursday.
"Today's agreement requires Morgan Stanley to bolster its cybersecurity so consumers will never again have to risk their personal data unintentionally being sold at an auction," James said in a statement.
A spokesperson for Morgan Stanley said in an email: “We have previously notified all potentially impacted clients regarding these matters, which occurred several years ago, and are pleased to have resolved this related investigation.”
According to James, the data became unsecured when Morgan Stanley hired a moving company "with no experience" in data destruction to decommission thousands of hard drives and servers that contained "sensitive information of millions of its customers. Morgan Stanley failed to properly monitor the moving company's work, and its computer equipment, some of which still contained private consumer information, was then sold at auction."
The firm said its monitoring of the situation had not detected any unauthorized access to, or misuse, of clients' personal information.
James said Morgan Stanley became aware of the problem when it was contacted by a purchaser who discovered the data.
Morgan Stanley has agreed to pay the $6.5 million fine and to adopt several provisions to better protect consumers' personal information.
These include:
- Maintaining a comprehensive information security program concerning the protection of confidential personal information
- Maintaining an incident response plan
- Having a written policy on the collection, use, retention and disposal of customers' personal information
- Maintaining a vendor risk assessment team to assess and ensure vendors are in compliance with Morgan Stanley's data security requirements
The other attorneys general involved are from Connecticut, Florida, Indiana, New Jersey and Vermont.
'It just feels like there's like a pillow on your head' Long Island high school football players have begun wearing Guardian Caps in an attempt to reduce head injuries. NewsdayTV's Gregg Sarra reports.
'It just feels like there's like a pillow on your head' Long Island high school football players have begun wearing Guardian Caps in an attempt to reduce head injuries. NewsdayTV's Gregg Sarra reports.
