E Point Perfect
Law \ Legal

SEC Fines Morgan Stanley $35 Million for Alleged Failure to Protect Customer Data


On September 20, 2022, the U.S. Securities and Exchange Commission announced that Morgan Stanley Smith Barney agreed to pay a $35 million fine for the firm’s alleged failure to adequately protect the personal information of approximately 15 million customers. Morgan Stanley settled the SEC’s claims without agreeing to or denying the agency’s findings. 

The SEC alleged that between 2015 and 2017, Morgan Stanley failed to properly dispose of devices containing customer personal information. According to the SEC, Morgan Stanley disposed of thousands of hard drives and servers via a moving and storage company with no prior experience in data destruction. The moving company later sold decommissioned Morgan Stanley hardware devices containing unencrypted customer personal information to a third party, the majority of which were unable to be recovered.

In addition, the SEC alleged that Morgan Stanley failed to account for 42 servers the firm had replaced during an office hardware upgrade program. The servers, which contained sensitive customer information , had been equipped with encryption software, but the firm allegedly failed to activate the software.


Source link

Related posts

India Reverses Payroll Localization Requirement for Employment Visa Holders

FDA Publishes Pesticide Residue Report for FY 2020

Say Hello to the 7-figure ebook + ChatGPT.

2022 Amendments to the Delaware General Corporation Law

BC Supreme Court looks for common ground with conflicting experts in personal injury action

I was fired without cause: Is my noncompete enforceable?