Friday, December 2, 2022

SEC fines Morgan Stanley $35 million after exposing customer data on 1,000 auctioned hard drives

Facepalm: On Wednesday, Morgan Stanley settled a Securities and Exchange Commission (SEC) complaint over “staggering” security breaches that occurred between 2016 and 2021. The financial giant agreed to pay a $35 million fine for improper disposal of hard drives from one of its decommissioned data centers.

According to the SEC complaint, Morgan Stanley auctioned off approximately 1,000 unencrypted hard drives that had not had their contents wiped. It also claims the company improperly disposed of thousands of hard drives and magnetic backup media, exposing the data of more than 15 million Morgan Stanley customers. Officials call the security flaws “staggering.”

“The MSSB’s failures in this case are startling. Customers trust their personal information to financial professionals with the understanding and expectation that it will be protected, and the MSSB woefully fell short in doing so,” said the SEC’s Compliance Division Director, Gurbir S. Grewal. “If not properly protected, this sensitive information can end up in the wrong hands with disastrous consequences for investors.”

According to the SEC, Morgan Stanley dismantled two data centers in 2016, resulting in a cascade of security breaches caused by the company’s negligence.

For starters, instead of destroying the hard drives or having an internal IT team zero them out, the company hired an outside mover to handle the hardware. The mover took possession of 53 RAID arrays comprising around 1,000 HDDs, along with around 8,000 backup tapes. The unnamed firm allegedly had no experience decommissioning storage media.

The mover initially subcontracted an IT company to wipe the drives. However, the two companies had a falling out, and the mover began selling the storage devices to another firm, which turned around and auctioned them off online without wiping them.

In 2017, nearly a year after the decommissioning project began, an IT professional in Oklahoma emailed Morgan Stanley and informed them that he had hard drives containing the company’s customer data.

“You are a major financial institution and must follow some very strict guidelines on how to deal with hardware retirement,” the IT consultant wrote. “Or at least get some kind of data destruction verification from the vendors you sell equipment to.”

Subsequently, the wealth management company bought back all the hard drives that the consultant had in his possession.

Beyond the negligence of not zeroing the drives and not being aware of what their contractors were doing with them, most customer data was not encrypted even though many of the hard drives had built-in encryption support. Morgan Stanley only started using encryption in 2018 and only for new files; the old data was still unprotected. The SEC claims that even after 2018, some of the information was still not encrypted due to a security flaw in its data protection package.

Morgan Stanley agreed to pay the fine without admitting guilt or wrongdoing. A spokesman said there is no indication that any customers have been affected.

“We have previously notified the relevant customers of these matters, which occurred several years ago, and have not detected any unauthorized access to or misuse of customer personal information,” the spokesperson said.
