Second hand servers + personal data = $35 million

Morgan Stanley is one of the most renowned banks in the world. It started business on Wall Street in New York back in 1935 and has grown so that it now has a market capitalisation of around $150 billion and employs approximately 70,000.

It’s obviously good at a lot of things but one area it wasn’t so good at was looking after the personal data of about 15 million customers.

Probably one of the first things that come to mind when protecting the personal details of clients are the security systems to protect the data within the bank such as passwords, firewalls, etc.

The problem for Morgan Stanley though was the data that was in computer hardware that was scrapped.

The US Securities and Exchange Commission (SEC) accused Smith Barney (Morgan Stanley’s wealth management business), of “astonishing” shortcomings.

The problems arose when Morgan Stanley disposed of thousands of hard drives and servers.

On multiple occasions a moving and storage business with no experience in data destruction services was hired to decommission these hard drives.

In other words, the hard drives and servers which were being scrapped should have had all the personal details removed.

Unfortunately this didn’t happen and instead the moving business then sold thousands of these devices to a third party. This third party then resold them on an internet auction site.

Some of the devices were subsequently recovered but the SEC said that Morgan Stanley “has not recovered the vast majority of the devices”.

The devices which were recovered were found to contain “thousands of pieces of unencrypted customer data”.

The end result is that Morgan Stanley has agreed to pay a $35 million penalty to settle charges.

There’s a valuable lesson to be learnt from this as responsibility for the safeguarding of personal data remains with the organisation and this includes making sure that the destruction of hardware containing that data is done in such a way that the data is erased and does not find it’s way into other people’s hands.

Register to a free ACCA demo course
Register to a free CIMA demo course
Register to a free DipIFR demo course

Superman helps hackers.

It’s a sign of the times that hackers are constantly on the lookout for weaknesses in people’s computer security systems. Individuals can go a long[..]

I never emailed you...

Sometimes it’s the simple scams that can cause the most damage. We hear all the time about ignoring scam phishing emails where fraudsters are pretending[..]

KPMG fined £700,000.

KPMG in the UK has been fined by the Financial Reporting Council for what only can be described as pretty poor auditing. The situation behind[..]

Watch your step...

You probably haven’t heard of Klaus Maertens but I reckon that most of you will have seen what he started. Klaus was a German soldier[..]

Subscribing To A Hot Seat

A lot of us are used to paying a monthly fee for a wide range of goods and services as customers. For example, we may[..]

Are these real Nikes?

Originally founded in 1964 as "Blue Ribbon Sports" by Bill Bowerman and Phil Knight the company officially became Nike Inc. 6 years later. Since then,[..]

EY to split into 2?

Interesting times for EY, the Big 4 accounting group. They have just reported record global revenues of $45.4 billion in the year to the end[..]