Morgan Stanley hit with $35 million SEC fine over data security

Morgan Stanley hit with $35 million SEC fine over data security
When the bank replaced hard drives and servers, it improperly disposed of thousands of devices, compromising the personal data of about 15 million clients.
SEP 20, 2022
By  Bloomberg

Morgan Stanley will pay $35 million to settle Securities and Exchange Commission allegations that one of its units failed to secure the personal data of millions of customers when replacing company hard drives and servers.

The bank improperly disposed of thousands of devices, and some were auctioned off online without checking that customer data they contained had been deleted, according to the SEC. About 15 million clients’ details were compromised over a five-year period starting 2015.

Following the announcement by the SEC, Morgan Stanley said in a statement that it was pleased to have resolved the matter. “We have previously notified applicable clients regarding these matters, which occurred several years ago, and have not detected any unauthorized access to, or misuse of, personal client information,” the firm said.  

The SEC said that the firm had violated “safeguards and disposal rules.”

“Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected,” Gurbir Grewal, director of the SEC’s enforcement division, said in a statement. He called the findings “astonishing.” 

Morgan Stanley agreed to pay the penalty and settle the case without admitting or denying the allegations, according to the SEC.

The violation occurred because the firm hired a moving and storage company with no experience in data destruction and then failed to properly monitor the company’s work, the SEC said. Morgan Stanley recovered some of the devices, which had thousands of pieces of unencrypted customer data. The vast majority of devices were not found, the regulator said.

Tuesday’s penalty is also related to the brokerage’s failure to properly dispose of customer and consumer report information as part of a broader hardware refresh program, during which the firm found that 42 servers were missing. The unit didn’t activate available encryption programs that were available on the devices, the SEC said. 

Latest News

Stephen Langlois stepping down as Kestra Financial bares transition plans
Stephen Langlois stepping down as Kestra Financial bares transition plans

With plans to retire, the outgoing president of the Texas-based IBD giant will be replaced by the giant RIA's current head of wealth management this spring.

Financial advisors keeping close eye on rising 'fear index'
Financial advisors keeping close eye on rising 'fear index'

The VIX, or so called "fear index," is shifting higher with increased market volatility, causing wealth managers to ready themselves for anxious client calls.

BMO Capital Markets to pay $40M in SEC settlement
BMO Capital Markets to pay $40M in SEC settlement

Canadian bank's capital markets arm reportedly failed to detect representatives' misleading disclosures involving $3 billion of mortgage-backed "sliver bonds" sold over a multi-year period.

Veteran EM debt team departs Wamco for Jackson Financial's PPM
Veteran EM debt team departs Wamco for Jackson Financial's PPM

Move marks the largest single batch of exits as the Franklin Templeton subsidiary continues to navigate fallout from alleged breaches by star manager Ken Leech.

MAI Capital Management snaps up $662M Concentric
MAI Capital Management snaps up $662M Concentric

The serial RIA acquirer's latest partnership gives it another foothold in California's high-net-worth space within Bay Area.

SPONSORED Three key trends that will drive advisors’ planning in 2025

AssetMark Group CEO explains why the great wealth transfer, succession planning, and personalization will be key for advisors in the new year.

SPONSORED Why RIAs might consider investing more in trust services

A trust delivery model not only increases the value of an advisor and a firm but is also a natural addition to any firm’s succession plan.