Morgan Stanley & Co. agreed to pay $60 million to settle a class-action lawsuit claiming a data security breach exposed the personal data of 15 million current and former customers, including credit card and Social Security numbers.
The sensitive information was stored in data centers that had been decommissioned or replaced, and then allegedly were resold without being properly wiped clean.
Because the firm failed to properly dispose of the data, the personal information of Morgan Stanley customers was easily accessible, according to the agreement filed in federal court in Manhattan Friday. A software flaw allegedly left the data on the old servers in an unencrypted form.
Morgan Stanley agreed to the settlement while continuing to deny the allegations.
“We have previously notified all potentially impacted clients regarding these matters, which occurred several years ago, and are pleased to be resolving this related litigation,” a representative said in a statement.
Morgan Stanley allegedly learned of the breach after it was contacted by a man who said he bought used IT equipment from an internet vendor and it came with access to the sensitive customer data, which also included birth dates and investment account information.
If the settlement is approved by the judge, the affected clients will get access to at least two years of fraud insurance services as an automatic benefit, as well as the opportunity to make a claim for up to $10,000 in reimbursement for out-of-pocket losses.
Cybersecurity is becoming a vexing problem for many wealth management firms, which have long been the logical targets for data breaches. For one, they publicly disclose their assets under management, but also hold some of the most sensitive data directly connected to client finances.
The settlement comes on the heels of a similar breach at Morgan Stanley last year. Guidehouse, a vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business, suffered an information security incident, according to a July letter the company sent to the New Hampshire Attorney General’s office.
In that incident, attackers exploited a software vulnerability, which was subsequently patched within five days, to obtain files giving them access to clients’ names, addresses, dates of birth and Social Security numbers.
Eliseo Prisno, a former Merrill advisor, allegedly collected unapproved fees from Filipino clients by secretly accessing their accounts at two separate brokerages.
The Harford, Connecticut-based RIA is expanding into a new market in the mid-Atlantic region while crossing another billion-dollar milestone.
The Wall Street giant's global wealth head says affluent clients are shifting away from America amid growing fallout from President Donald Trump's hardline politics.
Chief economists, advisors, and chief investment officers share their reactions to the June US employment report.
"This shouldn’t be hard to ban, but neither party will do it. So offensive to the people they serve," RIA titan Peter Mallouk said in a post that referenced Nancy Pelosi's reported stock gains.
Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.
Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.