Morgan Stanley hit with $1m SEC fine over customer data hack

Morgan Stanley will pay a $1 million penalty to settle SEC charges related to data protection failures which saw a former staffer transfer account data to his personal server, which was then hacked.

Financial advisor Galen Marsh was fired last January after downloading "partial account information" - not including passwords or social security numbers - on 730,000 wealth management clients over a three-year period.

Hackers appear to have stolen account names and numbers from Marsh's server, briefly posting the details of around 900 clients on the Internet and offering to sell more.

The SEC has issued an order finding that Morgan Stanley "failed to adopt written policies and procedures reasonably designed to protect customer data".

The bank agreed to settle without admitting or denying the findings. Marsh has accepted a five-year industry bar on top of a criminal conviction last year, for which he received 36 months of probation and a $600,000 restitution order.

Comments: (1)

A Finextra member, 09 June, 2016, 09:12

And this from a firm that is a co-partner in the Reference Data Utility (RDU) along with Goldman Sachs, JPM and Smartstream. Wouldn't trust them with my Bank's data. One hack and the whole lot is at risk.