Morgan Stanley warns customers of data breach

Morgan Stanley has written to 34,000 customers warning them that their personal financial details may have been stolen while in transit to the New York State Department of Taxation and Finance.

3 comments

Morgan Stanley warns customers of data breach

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The data - including names addresses, account and tax ID numbers and some social security numbers - was shipped on two password-protected, but unencrypted CD-ROMs.

The package containing the CDs was intact when it arrived at its destination, but the discs were missing by the time the parcel reached the desk of the intended recipient.

Jim Wiggins, a Morgan Stanley Smith Barney spokesman told Credit.com that the brokerage had failed to unearth the missing discs after a two-week investigation. The firm then notified customers and offered to pay for a year of credit-monitoring service to customers who received letters warning that their Social Security numbers were among the data.

Sponsored [Webinar] Ensuring Interoperability in the Age of Global, Cross-Border e-Invoicing

Comments: (3)

Keith Appleyard IT Consultant at available for hire

I suppose the next logical question is where were the passwords - inside the package, or communicated separatately?

A Finextra member 

Might someone introduce the senders of this disc to the concept of self decrypting archives? Though solutions like PGP might offer best in class protection, even Winzip has a reasonable solution. There is really no reason for a company to send sensitive information unencrypted to anyone these days. K

A Finextra member 

Oh gosh this has all happened before back in 2007 in the UK, Quote from the BBC

...

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing - data on them includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people

...

Both these cases are basic malpractice at an incompetent level and these banks need to do more to protect in a professional way the rightful security of their clients or face potential legal consequences.

 

 

[Webinar] Ensuring Interoperability in the Age of Global, Cross-Border e-InvoicingFinextra Promoted[Webinar] Ensuring Interoperability in the Age of Global, Cross-Border e-Invoicing