Morgan Stanley will pay $35 million to settle Securities and Exchange Commission allegations that one of its units failed to secure the personal data of millions of customers when replacing company hard drives and servers.
The bank improperly disposed of thousands of devices, and some were auctioned off online without checking that customer data they contained had been deleted, according to the SEC. About 15 million clients’ details were compromised over a five-year period starting 2015.
Following the announcement by the SEC, Morgan Stanley said in a statement that it was pleased to have resolved the matter. “We have previously notified applicable clients regarding these matters, which occurred several years ago, and have not detected any unauthorized access to, or misuse of, personal client information,” the firm said.
The SEC said that the firm had violated “safeguards and disposal rules.”
“Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected,” Gurbir Grewal, director of the SEC’s enforcement division, said in a statement. He called the findings “astonishing.”
Morgan Stanley agreed to pay the penalty and settle the case without admitting or denying the allegations, according to the SEC.
The violation occurred because the firm hired a moving and storage company with no experience in data destruction and then failed to properly monitor the company’s work, the SEC said. Morgan Stanley recovered some of the devices, which had thousands of pieces of unencrypted customer data. The vast majority of devices were not found, the regulator said.
Tuesday’s penalty is also related to the brokerage’s failure to properly dispose of customer and consumer report information as part of a broader hardware refresh program, during which the firm found that 42 servers were missing. The unit didn’t activate available encryption programs that were available on the devices, the SEC said.
Chasing productivity is one thing, but when you're cutting corners, missing details, and making mistakes, it's time to take a step back.
It is not clear how many employees will be affected, but none of the private partnership’s 20,000 financial advisors will see their jobs at risk.
The historic summer sitting saw a roughly two-thirds pass rate, with most CFP hopefuls falling in the under-40 age group.
"The greed and deception of this Ponzi scheme has resulted in the same way they have throughout history," said Daniel Brubaker, U.S. Postal Inspection Service inspector in charge.
Elsewhere, an advisor formerly with a Commonwealth affiliate firm is launching her own independent practice with an Osaic OSJ.
Stan Gregor, Chairman & CEO of Summit Financial Holdings, explores how RIAs can meet growing demand for family office-style services among mass affluent clients through tax-first planning, technology, and collaboration—positioning firms for long-term success
Chris Vizzi, Co-Founder & Partner of South Coast Investment Advisors, LLC, shares how 2025 estate tax changes—$13.99M per person—offer more than tax savings. Learn how to pass on purpose, values, and vision to unite generations and give wealth lasting meaning
