Morgan Stanley has fired an employee who it says stole data on 350,000 clients, posting some of it online.
The bank says that "partial account information" - not including passwords or social security numbers - on up to 10% of its wealth management clients was taken by the staffer.
Account names and numbers for around 900 clients was briefly posted on the Internet, but was "promptly removed" once discovered.
There is no evidence of losses related to the theft but affected customers are being contacted and law enforcement and regulatory authorities have been notified.
Says a statement: "Morgan Stanley takes extremely seriously its responsibility to safeguard client data, and is working with the appropriate authorities to conduct and conclude a thorough investigation of this incident."