Morgan Stanley fined millions for not encrypting hardware
>
Morgan Stanley has settled with the US Securities and Exchange Commission (SEC) over claims that the financial services company has failed to properly protect customer-sensitive data (opens in new tab).
As part of the settlement, the company will pay $35 million, but will not admit guilt or deny the SEC’s findings.
The SEC found that Morgan Stanley failed to protect customer data by poorly handling the decommissioning of some of its storage units. This apparently included hiring a moving and storage company “with no experience or expertise in data destruction services” to repair thousands of hard drives (HDD) and servers, which unencrypted (opens in new tab) personally identifiable information about millions of Morgan Stanley customers, as early as 2015.
lost servers
The company reportedly sold the sensitive hardware to a third party, who ended up selling them at an internet auction instead of properly disposing of the sensitive hardware.
In addition, the moving company lost 42 servers.
“Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB has failed miserably in this regard,” said Gurbir S. Grewal, director of the SEC’s enforcement division.
“If this sensitive information is not properly secured, it could end up in the wrong hands and have disastrous consequences for investors. Today’s action sends a clear signal to financial institutions that they must take their obligation to protect such data seriously.”
Data center commissioning is an entire industry, with companies developing entire processes to ensure that old and obsolete storage units are properly disposed of, without leaking sensitive data to third parties.
Over the past decade, data has become an extremely valuable asset, prompting governments, privacy advocates, and several nonprofit organizations to pay more attention to how major tech companies collect, store, and share customer information.
Through: Tom’s hardware (opens in new tab)