Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Morgan Stanley warns customers of data breach

Morgan Stanley has written to 34,000 customers warning them that their personal financial details may have been stolen while in transit to the New York State Department of Taxation and Finance.

  1 3 comments

Morgan Stanley warns customers of data breach

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The data - including names addresses, account and tax ID numbers and some social security numbers - was shipped on two password-protected, but unencrypted CD-ROMs.

The package containing the CDs was intact when it arrived at its destination, but the discs were missing by the time the parcel reached the desk of the intended recipient.

Jim Wiggins, a Morgan Stanley Smith Barney spokesman told Credit.com that the brokerage had failed to unearth the missing discs after a two-week investigation. The firm then notified customers and offered to pay for a year of credit-monitoring service to customers who received letters warning that their Social Security numbers were among the data.

Sponsored [On-Demand Webinar] AI in Banking: Building Compliant and Safe Enterprise AI at Scale
 

Share

1
1
1
1
 

Related Company

Morgan Stanley

Channels

/wealth management /retail banking /security

Comments: (3)

Keith Appleyard

Keith Appleyard IT Consultant at available for hire

I suppose the next logical question is where were the passwords - inside the package, or communicated separatately?

A Finextra member 

Might someone introduce the senders of this disc to the concept of self decrypting archives? Though solutions like PGP might offer best in class protection, even Winzip has a reasonable solution. There is really no reason for a company to send sensitive information unencrypted to anyone these days. K

A Finextra member 

Oh gosh this has all happened before back in 2007 in the UK, Quote from the BBC

...

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing - data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people

...

Both these cases are basic malpractice at an incompetent level and these banks need to do more to protect in a professional way the rightful security of their clients or face potential legal consequences.

 

 

Related news

Citi hackers steal $2.7m

Citi raises the numbers hit by data breach

IMF breached by cyber attackers

Yorkshire Building Society censured over stolen unencrypted laptop

[Webinar] Reaping the benefits of Hyper-Personalisation with AI and Application ModernisationFinextra Promoted[Webinar] Reaping the benefits of Hyper-Personalisation with AI and Application Modernisation

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept