FTC investigation finds glitch to blame in Morgan Stanley data breach

The Federal Trade Commission said it would not take action against the firm for a major client data leak in December

Aug 11, 2015 @ 12:17 pm

By Mason Braswell

Morgan Stanley will not be facing action from the Federal Trade Commission as a result of a client data breach in December that compromised information of some 350,000 clients, according to a letter made public on the FTC's website Monday afternoon.

The FTC determined that the breach, which was quickly traced back to a former broker, Galen Marsh, had been made possible because of a glitch in Morgan Stanley's data security controls, and not a failure on Morgan Stanley's part to secure account information in a “reasonable and appropriate manner.”

“In this instance, our investigation determined that the Morgan Stanley employee was able to gain access to client data, despite such controls, because the access controls applicable to a narrow set of reports were improperly configured,” said Maneesha Mithal, associate director of the division of privacy and identity protection at the FTC, in the letter. “Morgan Stanley promptly fixed the problem when it came to the company's attention.”

Otherwise, the firm had reasonable comprehensive policies in place, the FTC said. Brokers, for example, were not allowed to access personal data outside the specific clients they served, and the firm monitored the size and frequency of data transfers by employees and prohibited employee use of USBs and other devices to remove client data.

The FTC's letter made no determination as to whether Mr. Marsh had violated any rules, or how exactly the information ended up on several websites.

The agency said it had determined that the data appeared online after “an employee misappropriated wealth management client information, transferring the data from the Morgan Stanley computer network to a personal website accessed at work, and then onto personal devices.”

It was initially suspected that Mr. Marsh may have posted the data online in exchange for virtual currencies such as Bitcoin. But his attorney, Robert C. Gottlieb of Gottlieb & Cordon, said his client had never posted the information, and in February, federal authorities were looking into the possibility that he had been targeted by hackers after he removed the client data from Morgan Stanley's network. The New York Times reported that the Federal Bureau of Investigation had opened a criminal investigation and the Financial Industry Regulatory Authority Inc. was examining the matter.

According to Finra spokeswoman Nancy Condon, the agency has deferred to other regulators on this issue to avoid duplication.

A source familiar with the situation said other investigations into the breach were still ongoing. Mr. Gottlieb declined to comment.

Mr. Marsh was not specifically named in the FTC's letter, but multiple sources confirmed on background that it was tied to the same case.

Mr. Marsh was fired January 2 for allegations that “accused him of removing certain confidential client account information from the firm without authorization,” according to his BrokerCheck report.

A spokeswoman for Morgan Stanley, Christine Jockle, said in an emailed statement that there was no evidence that any fraud had occurred in the affected client accounts and reiterated that the firm had acted quickly after it discovered the information had been leaked.

“Following the firm's discovery of the incident, it quickly identified the employee who stole the data and terminated him,” Ms. Jockle wrote in an email. “The Firm promptly alerted law enforcement and regulators, notified affected clients, changed account numbers and offered identity protection services.”


What do you think?

View comments

Recommended for you

Upcoming Event

Mar 26


Huntington Beach Women Adviser Summit

The InvestmentNews Women Adviser Summit, a one-day workshop now held in six cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more

Featured video


Why advisers are pessimistic about the economy

Deputy editor Bob Hordt and senior research analyst Matt Sirinides discuss a recent InvestmentNews survey of advisers, most of whom see a recession ahead before the next presidential election.

Latest news & opinion

John Bogle, Vanguard founder, dies at 89

The pioneer of low-cost, passive investments died of cancer.

10 biggest breakaways of Q4

Echelon Partners lists the 10 biggest adviser moves out of wirehouses during last year's final quarter.

6 biggest RIA acquisitions of 2018

As M&A involving registered investment advisers hit another record last year, these six deals topped the list

Anatomy of an annuity buyout offer

Readers are invited to comment on whether the columnist should keep or ditch her Ohio National VA contract

Factions emerge in OneFPA overhaul

Critics fear the FPA is trying to take money and power from local chapters, which officials and proponents call overblown.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print