Oct 5, 2022

SEC Fines Morgan Stanley $35 Million for Data Security Failures

Oct 5, 2022 | Banks, Market

By: Ken Chase.

The U.S. Securities and Exchange Commission confirmed this week that it has levied a $35 million penalty against Morgan Stanley Smith Barney related to the firm’s failure to protect its customers’ personal identifying information (PII) over a five-year period. The data security failures reportedly impacted the personal information of roughly 15 million MSSB customers.

In a press release announcing the action, the SEC alleged that the firm “hired a moving and storage company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the PII of millions of its customers,” and failed to implement any monitoring of the contracted company’s work.

The SEC investigation found that the devices were then sold to a third party, and ultimately ended up on an internet auction website. Some of those devices reportedly contained customer PII—information that had not been removed prior to sale. Despite later efforts by MSSB to recover the devices, the investigation found that most of them remained at large.

According to the SEC, the company’s failures also included the loss of 42 servers which went missing during a decommissioning effort at the firm’s branches. The SEC alleges that all of those servers could potentially contain customer PII, as well as consumer report data. Apparently, the company’s own investigation discovered that its personnel had not even activated the servers’ equipped encryption software.

SEC Enforcement Division Director Gurbir S. Grewal stressed the magnitude of the firm’s negligence and its potential impact on customers:

“MSSB’s failures in this case are astonishing. Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB fell woefully short in doing so. If not properly safeguarded, this sensitive information can end up in the wrong hands and have disastrous consequences for investors. Today’s action sends a clear message to financial institutions that they must take seriously their obligation to safeguard such data.”

Learn more 

UBS to Buy Credit Suisse in Emergency Rescue

UBS to Buy Credit Suisse in Emergency Rescue

UBS reached an agreement to purchase embattled Credit Suisse on Sunday for a reported $3.2 billion. The agreement came after weekend negotiations orchestrated by the Swiss National Bank and Swiss regulators, which pushed for the emergency rescue as a way to shore up...

Report: UBS in Discussions for Credit Suisse Acquisition

Report: UBS in Discussions for Credit Suisse Acquisition

The Financial Times has reported that UBS is currently involved in talks to acquire part or all of embattled Credit Suisse. The Times’ sources reportedly include “multiple people briefed on the talks” who claimed that Switzerland’s central bank and financial...

Regulators Vow to Cover Uninsured Deposits at Failed Banks

Regulators Vow to Cover Uninsured Deposits at Failed Banks

The Treasury Department, Federal Reserve Board, and Federal Deposit Insurance Corporation issued a joint statement on Sunday confirming that all Silicon Valley Bank uninsured deposits will be fully covered. The same announcement confirmed similar protections for...