Morgan Stanley is one of the most renowned banks in the world. It started business on Wall Street in New York back in 1935 and has grown so that it now has a market capitalisation of around $150 billion and employs approximately 70,000.
It’s obviously good at a lot of things but one area it wasn’t so good at was looking after the personal data of about 15 million customers.
Probably one of the first things that come to mind when protecting the personal details of clients are the security systems to protect the data within the bank such as passwords, firewalls, etc.
The problem for Morgan Stanley though was the data that was in computer hardware that was scrapped.
The US Securities and Exchange Commission (SEC) accused Smith Barney (Morgan Stanley’s wealth management business), of “astonishing” shortcomings.
The problems arose when Morgan Stanley disposed of thousands of hard drives and servers.
On multiple occasions a moving and storage business with no experience in data destruction services was hired to decommission these hard drives.
In other words, the hard drives and servers which were being scrapped should have had all the personal details removed.
Unfortunately this didn’t happen and instead the moving business then sold thousands of these devices to a third party. This third party then resold them on an internet auction site.
Some of the devices were subsequently recovered but the SEC said that Morgan Stanley “has not recovered the vast majority of the devices”.
The devices which were recovered were found to contain “thousands of pieces of unencrypted customer data”.
The end result is that Morgan Stanley has agreed to pay a $35 million penalty to settle charges.
There’s a valuable lesson to be learnt from this as responsibility for the safeguarding of personal data remains with the organisation and this includes making sure that the destruction of hardware containing that data is done in such a way that the data is erased and does not find it’s way into other people’s hands.
https://www.theexpgroup.com/wp-content/uploads/2022/09/Morgan_Stanley.png9441678Stevehttps://www.theexpgroup.com/wp-content/uploads/2018/06/styleguide-EXP-4.pngSteve2022-09-24 07:39:472022-10-02 14:47:48Second hand servers + personal data = $35 million
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.