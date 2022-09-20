Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels

/security

News and resources on cyber and physical threats to banks and fintechs worldwide.
News
See Headlines »

Related Companies

Securities and Exchange Commission (SEC) Morgan Stanley

Lead Channel

Security

Channels

Wealth management Regulation & Compliance
Editorial | what does this mean?
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.
Morgan Stanley hit with $35m penalty for device disposal failings

Morgan Stanley hit with $35m penalty for device disposal failings

Morgan Stanley Smith Barney (MSSB) has been slapped with a $35 million penalty for failing to protect the personal identifying information (PII) of about 15 million customers.

The Securities and Exchange Commission hit the wealth manager with the charges, accusing it of "extensive failures" over a five year period.

As far back as 2015, MSSB failed to properly dispose of devices containing its customers’ PII, says the SEC. On multiple occasions, MSSB hired a moving and storage company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the information of millions of its customers.

Moreover, over several years, the firm failed to properly monitor the moving company’s work. The regulator's investigation found that the moving company sold to a third party thousands of MSSB devices including servers and hard drives, some of which contained customer PII, and which were eventually resold on an internet auction site without removal of such customer PII.

While MSSB recovered some of the devices, which were shown to contain thousands of pieces of unencrypted customer data, the firm has not recovered the vast majority of the devices.

“MSSB’s failures in this case are astonishing. Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB fell woefully short in doing so,” says Gurbir Grewal, director of the SEC’s enforcement division.

Without admitting or denying the findings, MSSB has consented to the SEC's order and agreed to pay the $35 million penalty.

Related Companies

Securities and Exchange Commission (SEC) Morgan Stanley

Lead Channel

Security

Channels

Wealth management Regulation & Compliance
Editorial | what does this mean?
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

Sponsored: [New Report] The Future of ESGTech 2023 - A Sibos Special Edition

Comments: (0)

Join the discussion

Write a blog post about this story (membership required)

[Webinar] Why low-code is the solution to propel data driven services[Webinar] Why low-code is the solution to propel data driven services

Trending

Related News
Morgan Stanley customer data exposed though Accellion FTA vulnerability
/security

Morgan Stanley customer data exposed though Accellion FTA vulnerability

Trending

  1. ECB taps CaixaBank and Amazon for digital euro prototypes

  2. Banks and technology partners join EU-wide pilot of digital IDs

  3. Embedded finance set for explosive growth

  4. Goldman Sachs partners Modern Treasury to push embedded payments

  5. Swift runs blockchain pilot for corporate actions data

Research
See all reports »
The Future of ESGTech 2023

The Future of ESGTech 2023

Onboarding, KYC, and Digital Identity: the Bottom Line

Onboarding, KYC, and Digital Identity: the Bottom Line

Mainframe to Cloud: How to shift applications

Mainframe to Cloud: How to shift applications