Morgan Stanley Client Data Stolen, Posted Online
Account information on one in 10 of Morgan Stanley’s wealth-management clients — about 350,000 investors — was stolen by an ex-employee, and some of it “was briefly posted on the Internet,” the firm says in a press statement released on Monday.
Morgan Stanley, which runs the second-biggest retail brokerage in the U.S. by assets, adds, “There is no evidence of any economic loss to any client.”
The Internet leak, which affects about 900 clients, includes “account names and numbers” but not “account passwords or Social Security numbers,” Morgan Stanley says in the press release. The staffer who the company says stole the data has been fired, it adds, and “law enforcement and regulatory authorities” are on the case. The company also says it was busy Monday letting affected clients know what happened.
Citing “a person familiar with the matter,” the Financial Times says Morgan Stanley stumbled across the published client information “on December 27 during routine scans of the Internet.” The same source tells the newspaper the posting got “virtually no hits,” but doesn’t say on what website the data appeared.
According to The New York Times, the employee, 30-year-old Galen Marsh, started at Morgan Stanley as a sales assistant in 2008. The Wall Street Journal reports he had been promoted to financial advisor after completing training less than a year ago.
Compliance consultant Brian Hamburger tells CNBC.com it’s alarming an employee would have access to so much information, but the incident isn’t likely to make wealth-management clients more secure. “Until there are real ramifications, until there’s some type of financial penalty, whether through regulators or a private cause of action, I can’t imagine this is going to move the needle in change of behavior among these firms,” he says. “The large, global financial powerhouses that have made their way to this industry are not prepared for the level of sensitivity that wealth-management clients require.”
Bloomberg News reminds us this isn’t the first time Morgan Stanley client data has gone astray. In 2011, “unencrypted compact discs containing tax information for 34,000 clients were lost in transit to the New York State Department of Taxation and Finance,” the news service says. “The firm said at the time it found no evidence the data were misused.”
In its coverage of the breach, The New York Times says, “wealth management has become an increasingly important part of Morgan Stanley’s business since the financial crisis,” as the bank has moved away from “riskier trading.”
Morgan Stanley’s wealth-management unit manages over $2 trillion for about 3.5 million clients.
- To read the New York Times article cited in this story, click here if you have a paid subscription.
- To read the Bloomberg News article cited in this story, click here.
- To read the CNBC.com article cited in this story, click here.
- To read the Financial Times article cited in this story, click here if you have a paid subscription.