Morgan Stanley leaked customer data because it didn’t wipe hard drives

It’s too cliché not to look at – federal regulators accused Morgan Stanley on Tuesday of “astonishing” failures that led to the mishandling of sensitive data on some 15 million customers.

What is the mishandling? They did not properly dispose of the devices they were retiring, which held sensitive data. In one case, they hired a moving company with no experience or expertise in data destruction to decommission hard drives and servers. That company went on to resell those machines… with the data still there.

Other ways? They failed to safeguard customer data and properly dispose of consumer report information in other ways, including when the firm shut down local office and branch servers. In that one, 42 servers, all potentially containing unencrypted data and consumer report information, were “missing.”

Morgan Stanley paid a fine of $35 million without admitting or denying the findings.  

Why do we care?

Morgan Stanley had revenues of $13.1 billion for the second quarter of 2022, and its profit was $2.5 billion. This was DOWN.

For those of us in IT Services, we’re screaming about the incompetence here. This is as blatant and careless as you can imagine.

And the end result… clearly not that big a deal. That’s a parking ticket, not a serious fine. I’m not advocating for providers to not care about doing the job right, nor protecting data. I’m observing that unless the consequences are real, you shouldn’t expect a change. Ponder how you feel about data protection laws now.

