fb

ACCA AUTUMN SAVINGS 20% OFF

Second hand servers + personal data = $35 million

Second hand servers + personal data = $35 million

Morgan Stanley is one of the most renowned banks in the world. It started business on Wall Street in New York back in 1935 and has grown so that it now has a market capitalisation of around $150 billion and employs approximately 70,000.

It’s obviously good at a lot of things but one area it wasn’t so good at was looking after the personal data of about 15 million customers.

Probably one of the first things that come to mind when protecting the personal details of clients are the security systems to protect the data within the bank such as passwords, firewalls, etc.

The problem for Morgan Stanley though was the data that was in computer hardware that was scrapped.

The US Securities and Exchange Commission (SEC) accused Smith Barney (Morgan Stanley’s wealth management business), of “astonishing” shortcomings.

The problems arose when Morgan Stanley disposed of thousands of hard drives and servers.

On multiple occasions a moving and storage business with no experience in data destruction services was hired to decommission these hard drives.

In other words, the hard drives and servers which were being scrapped should have had all the personal details removed.

Unfortunately this didn’t happen and instead the moving business then sold thousands of these devices to a third party. This third party then resold them on an internet auction site.

Some of the devices were subsequently recovered but the SEC said that Morgan Stanley “has not recovered the vast majority of the devices”.

The devices which were recovered were found to contain “thousands of pieces of unencrypted customer data”.

The end result is that Morgan Stanley has agreed to pay a $35 million penalty to settle charges.

There’s a valuable lesson to be learnt from this as responsibility for the safeguarding of personal data remains with the organisation and this includes making sure that the destruction of hardware containing that data is done in such a way that the data is erased and does not find it’s way into other people’s hands.

Share this entry

Related articles

View All Articles

Recent articles

View All Articles
The benefits of sleeping on the job…
Jul 21, 2025
Title
The benefits of sleeping on the job…
Excerpt

My guess is that not a lot of you have gone up to your boss and said that […]

A car wash, wallet and apartment – laundering explained…
Jul 18, 2025
Title
A car wash, wallet and apartment – laundering explained…
Excerpt

Money laundering might sound like something from a gangster movie, but it’s a serious real-world issue that affects […]

Take a selfie and then return it…
Jul 16, 2025
Title
Take a selfie and then return it…
Excerpt

The latest must-have outfit trending on TikTok might be out of fashion by the time it arrives on […]

When auditors overstay their welcome…
Jul 11, 2025
Title
When auditors overstay their welcome…
Excerpt

A cornerstone of audit is independence. A recent stumble by EY – one of the Big Four accounting […]

It’s all hands on deck moving from Big 4 to 4 people…
Jun 17, 2025
Title
It’s all hands on deck moving from Big 4 to 4 people…
Excerpt

When multinational companies switch auditors, it’s usually a move that signals routine rotation, cost management, or strategic realignment. […]

From whisky to wickets…
Jun 16, 2025
Title
From whisky to wickets…
Excerpt

Diageo, the global drinks giant behind brands like Guinness, Smirnoff and Johnnie Walker, is reportedly considering a sale […]

“Just Build It” – the Nike LEGO collaboration
Jun 12, 2025
Title
“Just Build It” – the Nike LEGO collaboration
Excerpt

Nike and LEGO are teaming up to launch co-branded products and experiences aimed at inspiring kids through active […]

Laziness and intelligence.
Jun 12, 2025
Title
Laziness and intelligence.
Excerpt

Whilst a lot of you won’t admit to being lazy (and I’m sure most of you aren’t in […]