fb

ACCA SPRING SALE 25% OFF

Second hand servers + personal data = $35 million

Second hand servers + personal data = $35 million

Morgan Stanley is one of the most renowned banks in the world. It started business on Wall Street in New York back in 1935 and has grown so that it now has a market capitalisation of around $150 billion and employs approximately 70,000.

It’s obviously good at a lot of things but one area it wasn’t so good at was looking after the personal data of about 15 million customers.

Probably one of the first things that come to mind when protecting the personal details of clients are the security systems to protect the data within the bank such as passwords, firewalls, etc.

The problem for Morgan Stanley though was the data that was in computer hardware that was scrapped.

The US Securities and Exchange Commission (SEC) accused Smith Barney (Morgan Stanley’s wealth management business), of “astonishing” shortcomings.

The problems arose when Morgan Stanley disposed of thousands of hard drives and servers.

On multiple occasions a moving and storage business with no experience in data destruction services was hired to decommission these hard drives.

In other words, the hard drives and servers which were being scrapped should have had all the personal details removed.

Unfortunately this didn’t happen and instead the moving business then sold thousands of these devices to a third party. This third party then resold them on an internet auction site.

Some of the devices were subsequently recovered but the SEC said that Morgan Stanley “has not recovered the vast majority of the devices”.

The devices which were recovered were found to contain “thousands of pieces of unencrypted customer data”.

The end result is that Morgan Stanley has agreed to pay a $35 million penalty to settle charges.

There’s a valuable lesson to be learnt from this as responsibility for the safeguarding of personal data remains with the organisation and this includes making sure that the destruction of hardware containing that data is done in such a way that the data is erased and does not find it’s way into other people’s hands.

Share this entry

Related articles

View All Articles

Recent articles

View All Articles
Big 4 beware: Unity’s got $300M and no audit drama…
Apr 29, 2025
Title
Big 4 beware: Unity’s got $300M and no audit drama…
Excerpt

The former boss of EY and the former chief operating officer of PwC in the UK, are launching […]

Nothing to whine about…
Apr 22, 2025
Title
Nothing to whine about…
Excerpt

The wine industry, steeped in centuries of tradition, is experiencing a shake-up that’s sparking debate among enthusiasts and […]

PwC exits 9 African countries
Apr 18, 2025
Title
PwC exits 9 African countries
Excerpt

PwC, one of the Big Four accounting firms, recently announced the closure of its operations in nine Sub-Saharan […]

Using AI to reward staff
Apr 12, 2025
Title
Using AI to reward staff
Excerpt

In a bold move that combines innovation with employee incentives, UK-based law firm Shoosmiths has become the first […]

Barking up the right tree?
Apr 07, 2025
Title
Barking up the right tree?
Excerpt

In a world where businesses are constantly seeking that elusive “wow” factor to stand out, a historic Parisian […]

10 reasons CFOs are leaving…
Apr 02, 2025
Title
10 reasons CFOs are leaving…
Excerpt

Last year, chief financial officers (CFOs) left their roles at the fastest rate in six years, according to […]

Women at the top: EY becomes first Big 4 firm with dual female leaders
Apr 01, 2025
Title
Women at the top: EY becomes first Big 4 firm with dual female leaders
Excerpt

EY has just made history – Alison Duncan will take over as UK Chair of EY, joining forces […]

When Audits Fail: PwC, Wyelands Bank, and the £2.9M Mistake
Mar 26, 2025
Title
When Audits Fail: PwC, Wyelands Bank, and the £2.9M Mistake
Excerpt

What happens when auditors fail to properly understand the business they’re auditing? That’s the question at the heart […]