SEC fines Morgan Stanley $1 million for data-protection failures

SEC fines Morgan Stanley $1 million for data-protection failures
The fine relates to an ex-broker, Galen Marsh, who took data from hundreds of thousands of the wirehouse's clients, some of which ultimately ended up online.
JUN 07, 2016
The Securities and Exchange Commission slapped Morgan Stanley with a $1 million penalty to settle charges related to failures to protect customer data, the agency announced Wednesday. A former broker working in Morgan Stanley's wealth management group, Galen Marsh, was fired early last year for the theft of client data, which affected hundreds of thousands of the firm's clients. Now, the SEC is saying Morgan Stanley failed to adopt written policies and procedures reasonably designed to protect customer data, and violated what's known as the “Safeguards Rule.” “As a result of these failures, from 2011 to 2014, a then-employee impermissibly accessed and transferred the data regarding approximately 730,000 accounts to his personal server, which was ultimately hacked by third parties,” the SEC said in a news release. “Given the dangers and impact of cyberbreaches, data security is a critically important aspect of investor protection. We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information,” Andrew Ceresney, director of the SEC's enforcement division, said in the release. Morgan Stanley settled without admitting or denying the allegations. In a statement, Morgan Stanley said after it discovered the data breach it had promptly alerted law enforcement and regulators, and notified affected clients. "Morgan Stanley worked quickly to protect affected clients by changing account numbers and offering credit monitoring and identity theft protection services, and has strengthened its mechanisms for safeguarding client data," the statement said. "No fraud against any client account was reported as a result of this incident.” The SEC took issue with two of Morgan Stanley's internal web applications, or portals, that allowed its employees to access clients' confidential account information. Morgan Stanley didn't audit or test modules authorizing access to such portals, and didn't monitor or analyze employees' access to and use of them, according to the SEC. That allowed Mr. Marsh to download and transfer confidential data to his personal server at home over a period of three years. Some of that data was ultimately stolen from him and posted on the internet. Mr. Marsh received a criminal conviction of three years' probation and a $600,000 restitution order for his actions. In August of last year, the Federal Trade Commission said it wouldn't take action against Morgan Stanley for the data breach because it determined the breach was due to a glitch in data security controls and not a failure on the firm's part to secure account information in a reasonable and appropriate manner.

Latest News

Texas man says SEC and fund could make him pay twice
Texas man says SEC and fund could make him pay twice

A $141M judgment and a federal asset freeze collide over one shrinking pool

Osaic executives Kristy Britt and Greg Cornick to leave
Osaic executives Kristy Britt and Greg Cornick to leave

The firm's CFO and EVP of Wealth Management Solutions are the latest executives to exit the broker-dealer.

Estate planning becomes a client retention issue for financial advisors, survey finds
Estate planning becomes a client retention issue for financial advisors, survey finds

Clients are saying they would consider switching advisors if another professional offered estate planning services, according to a new Trust & Will survey.

Candidly adds AI agents for Trump Accounts, workplace benefits
Candidly adds AI agents for Trump Accounts, workplace benefits

CEO Laurel Taylor says the fintech's composable AI stack helps workers optimize dollars across Trump Accounts, 529s, 401(k)s, and other employee benefits.

BMO adds three advisors in Dallas amid Y'all Street wealth boom
BMO adds three advisors in Dallas amid Y'all Street wealth boom

The bank has swiped three private banking veterans from BNY as the city climbs the ranks of America's fastest-growing wealth hubs.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.