We use cookies to understand how you use our site and to improve your experience. This includes personalizing content and advertising. To learn more, click here. By continuing to use our site, you accept our use of cookies, revised Privacy Policy and Terms of Service.
You are being directed to ZacksTrade, a division of LBMZ Securities and licensed broker-dealer. ZacksTrade and Zacks.com are separate companies. The web link between the two companies is not a solicitation or offer to invest in a particular security or type of security. ZacksTrade does not endorse or adopt any particular investment strategy, any analyst opinion/rating/report or any approach to evaluating individual securities.
If you wish to go to ZacksTrade, click OK. If you do not, click Cancel.
Morgan Stanley Fined $1M by SEC Over Client Data Breach
Read MoreHide Full Article
More than 18 months ago Morgan Stanley (MS - Free Report) had disclosed the theft of information of its wealth management clients by Galen Marsh (now a former employee), with some of it even posted online for sale. Now, the company has been hit with a fine of $1 million by the U.S. Securities and Exchange Commission (SEC) for not having proper protection in place.
Morgan Stanley neither admitted nor denied these allegations. The company in a statement said, “Morgan Stanley worked quickly to protect affected clients by changing account numbers and offering credit monitoring and identity theft protection services, and has strengthened its mechanisms for safeguarding client data. No fraud against any client account was reported as a result of this incident.”
The Back Story and SEC Findings
It was in Jan 2015 that Morgan Stanley had revealed the data breach. Further, the company had terminated the service of Marsh and informed the regulatory bodies and law enforcement agencies about the same.
Morgan Stanley stated that the stolen data included account names and numbers, size of accounts and certain transaction information. However, sensitive information like account passwords and social security numbers were not compromised. Further, the company also informed all the affected clients.
Though the data theft did not lead to any economic loss to any of its clients, stealing and posting of data (account names and numbers) online was a serious breach of Morgan Stanley’s cyber security program.
Notably in Dec 2015, Marsh was sentenced to three years of probation and was ordered to pay $600,000 in restitution. He pleaded guilty to one felony count of unauthorized access to computer. However, per the latest SEC order, he has been given “five-year securities industry ban.”
According to the SEC findings, between 2011 and 2014, Marsh transferred data from about 730,000 accounts to his home computer, which was later hacked by a third party.
Additionally, Morgan Stanley failed to adopt proper precautions to check and stop such unauthorized data access and transfer. The company violated a federal rule – Safeguards Rule – by failing to protect customer data.
Andrew Ceresney, Director of the SEC Enforcement Division, said, “Given the dangers and impact of cyber breaches, data security is a critically important aspect of investor protection. We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information.”
Going Forward
Though the fine amount is very small, the findings by the SEC are likely to dent clients’ confidence in Morgan Stanley.
There have been instances of cyber attacks on several financial companies and retailers including JPMorgan Chase & Co. (JPM - Free Report) , The Home Depot, Inc. (HD - Free Report) and Target Corp. (TGT - Free Report) . With cyber security becoming a matter of utmost importance, all the companies should regard it as a part of their safeguarding strategies.
Currently, Morgan Stanley carries a Zacks Rank #3 (Hold).
Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report >>
See More Zacks Research for These Tickers
Normally $25 each - click below to receive one report FREE:
Image: Bigstock
Morgan Stanley Fined $1M by SEC Over Client Data Breach
More than 18 months ago Morgan Stanley (MS - Free Report) had disclosed the theft of information of its wealth management clients by Galen Marsh (now a former employee), with some of it even posted online for sale. Now, the company has been hit with a fine of $1 million by the U.S. Securities and Exchange Commission (SEC) for not having proper protection in place.
Morgan Stanley neither admitted nor denied these allegations. The company in a statement said, “Morgan Stanley worked quickly to protect affected clients by changing account numbers and offering credit monitoring and identity theft protection services, and has strengthened its mechanisms for safeguarding client data. No fraud against any client account was reported as a result of this incident.”
The Back Story and SEC Findings
It was in Jan 2015 that Morgan Stanley had revealed the data breach. Further, the company had terminated the service of Marsh and informed the regulatory bodies and law enforcement agencies about the same.
Morgan Stanley stated that the stolen data included account names and numbers, size of accounts and certain transaction information. However, sensitive information like account passwords and social security numbers were not compromised. Further, the company also informed all the affected clients.
Though the data theft did not lead to any economic loss to any of its clients, stealing and posting of data (account names and numbers) online was a serious breach of Morgan Stanley’s cyber security program.
Notably in Dec 2015, Marsh was sentenced to three years of probation and was ordered to pay $600,000 in restitution. He pleaded guilty to one felony count of unauthorized access to computer. However, per the latest SEC order, he has been given “five-year securities industry ban.”
According to the SEC findings, between 2011 and 2014, Marsh transferred data from about 730,000 accounts to his home computer, which was later hacked by a third party.
Additionally, Morgan Stanley failed to adopt proper precautions to check and stop such unauthorized data access and transfer. The company violated a federal rule – Safeguards Rule – by failing to protect customer data.
Andrew Ceresney, Director of the SEC Enforcement Division, said, “Given the dangers and impact of cyber breaches, data security is a critically important aspect of investor protection. We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information.”
Going Forward
Though the fine amount is very small, the findings by the SEC are likely to dent clients’ confidence in Morgan Stanley.
There have been instances of cyber attacks on several financial companies and retailers including JPMorgan Chase & Co. (JPM - Free Report) , The Home Depot, Inc. (HD - Free Report) and Target Corp. (TGT - Free Report) . With cyber security becoming a matter of utmost importance, all the companies should regard it as a part of their safeguarding strategies.
Currently, Morgan Stanley carries a Zacks Rank #3 (Hold).
Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report >>