Investing
SEC Settles Charges With Morgan Stanley in Safeguarding Data
Published:
Last Updated:
The U.S. Securities and Exchange Commission (SEC) recently announced that Morgan Stanley (NYSE: MS) brokerage Morgan Stanley Smith Barney has agreed to pay a $1 million penalty to settle charges related to its failures to protect customer information. It’s worth noting that some of this information was hacked and offered for sale online.
The federal securities laws in place require registered broker-dealers and investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information.
The agency issued an order finding that Morgan Stanley failed in its adoption of these written policies and procedures. As a result of these failures, during the span of 2011 to 2014, a then-employee impermissibly accessed and transferred the data regarding roughly 730,000 accounts to his personal server, which was ultimately hacked by third parties.
Andrew Ceresney, director of the SEC Enforcement Division, commented:
Given the dangers and impact of cyber breaches, data security is a critically important aspect of investor protection. We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information.
According to the report:
- Morgan Stanley’s policies and procedures were not reasonable, however, for two internal web applications or “portals” that allowed its employees to access customers’ confidential account information.
- For these portals, Morgan Stanley did not have effective authorization modules for more than 10 years to restrict employees’ access to customer data based on each employee’s legitimate business need.
- Morgan Stanley also did not audit or test the relevant authorization modules, nor did it monitor or analyze employees’ access to and use of the portals.
- Consequently, then-employee Galen J. Marsh downloaded and transferred confidential data to his personal server at home between 2011 and 2014.
- A likely third-party hack of Marsh’s personal server resulted in portions of the confidential data being posted on the Internet with offers to sell larger quantities.
100 Million Americans Are Missing This Crucial Retirement Tool
The thought of burdening your family with a financial disaster is most Americans’ nightmare. However, recent studies show that over 100 million Americans still don’t have proper life insurance in the event they pass away.
Life insurance can bring peace of mind – ensuring your loved ones are safeguarded against unforeseen expenses and debts. With premiums often lower than expected and a variety of plans tailored to different life stages and health conditions, securing a policy is more accessible than ever.
A quick, no-obligation quote can provide valuable insight into what’s available and what might best suit your family’s needs. Life insurance is a simple step you can take today to help secure peace of mind for your loved ones tomorrow.
Click here to learn how to get a quote in just a few minutes.
Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.
Latest from 24/7
Our expert who first called NVIDIA in 2009 is predicting 2025 will see a historic AI breakthrough.
You can follow him investing $500,000 of his own money on our top AI stocks for free.