POST Online Media Lite Edition


Morgan Stanley to pay $1 million for data breach

Staff writer |
Morgan Stanley has agreed to pay a $1 million penalty to settle charges related to its failure to protect customer data, the U.S. Securities and Exchange Commission (SEC).

Article continues below

The SEC action stems from incidents between 2011 and 2014, when Galen Marsh, then a Morgan Stanley broker, took data from roughly 730,000 accounts, some of which were hacked and put for sale online.

“The federal securities laws require registered broker-dealers and investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information,” the SEC said in the statement.

“Morgan Stanley’s policies and procedures were not reasonable, however, for two internal web applications or ‘portals’ that allowed its employees to access customers’ confidential account information. For these portals, Morgan Stanley did not have effective authorization modules for more than 10 years to restrict employees’ access to customer data based on each employee’s legitimate business need.”

Morgan Stanley agreed to settle the charges without admitting or denying the SEC’s findings.

The SEC also barred Marsh who pleaded guilty in December and was sentenced to three years’ probation and ordered to pay $600,000 in restitution from working in the securities industry for at least five years.

What to read next

Morgan Stanley to pay $3.2 billion to settle mortgage charges
Morgan Stanley enters $63 million settlement with FDIC over RMBS claims
Morgan Stanley to sell global oil merchanting business