One of the traumatic effects of data security breaches on an organization is the lawsuit that comes with it after the damage. Not only that but there’s this trauma of losing the trust of their clients. This was the case with the Morgan Stanley data security breach. Let’s talk about the data security breach at Morgan Stanley and the settlement afterward.<\/p>\n\n\n\n
Morgan Stanley is a global financial service formed by Harold Stanley and Henry S. Morgan on September 16, 1935. The firm offers investment banking products and services to enterprises, governments, financial institutions, and people as clients and customers.\u00a0The firm\u00a0operates in the following business sectors: Institutional securities, wealth management, and investment management. On behalf of institutional investors, the Institutional securities\u00a0division provides financial consulting, capital-raising, and related finance services.<\/p>\n\n\n\n
Wealth Management provides brokerage and investment advisory services for equities, options, futures, foreign currencies, precious metals, fixed-income securities, mutual funds, structured products, alternative investments, unit investment trusts, managed futures, separately managed accounts, and mutual fund asset allocation programs. Finally, the Investment Management division offers strategies for stock, fixed income, alternative investments, real estate, and merchant banking.<\/p>\n\n\n\n
Social engineering assaults have resulted in the breach of customer accounts at Morgan Stanley Wealth Management, the company’s wealth and asset management business.<\/p>\n\n\n\n
Accounts were compromised due to voice phishing, a sort of social engineering in which fraudsters pose as a legitimate entity over the phone in order to trick their targets into divulging personal information over the phone.<\/p>\n\n\n\n
Customers received emails informing them that a cybercriminal posing as the financial services provider had compromised their online account information.<\/p>\n\n\n\n
After gaining access to their accounts, the hacker then moved funds electronically to their own bank account via the Zelle payment service.<\/p>\n\n\n\n
“As you are aware, on or around February 11, 2022, you were contacted by a bad actor claiming to be with Morgan Stanley.” <\/p>\n\n\n\n
“The bad actor was able to obtain information relating to your Morgan Stanley Online account, subsequently accessing this account and initiating unauthorized Zelle payments.”<\/p>\n\n\n\n
However, the company has come out to assure BleepingComputer that “there was no data breach or information leak from them<\/p>\n\n\n\n
According to Morgan Stanley, they have locked all affected customers’ accounts, and their systems “remain secure.”<\/p>\n\n\n\n
“This compromise was not the result of any action by Morgan Stanley Wealth Management and our systems remain secure,” said the business.<\/p>\n\n\n\n
Furthermore, Morgan Stanley warns clients against responding to calls from unknown numbers in order to protect themselves from phishing and other social engineering frauds.<\/p>\n\n\n\n
Here is what they advised:<\/p>\n\n\n\n
“You can always hang up and call the organization back using a phone number found through a trusted source, such as the company\u2019s official website or perhaps a financial statement.”<\/p>\n\n\n\n
The $60,000,000 settlement of the class action lawsuit against Morgan Stanley. This case involves allegations against Morgan Stanley, a financial services and investment banking firm headquartered in the United States. About 15 million Morgan Stanley customers’ names, addresses, and Social Security numbers were exposed to two distinct data security issues.<\/p>\n\n\n\n
According to the complaint, Morgan Stanley mishandled the disposal of IT (information technology) equipment in 2016 and 2019. Many of these IT tools disappeared after being sold to unnamed third parties.<\/p>\n\n\n\n
As a result of this incident, unauthorized persons may have gotten access to personal information about Morgan Stanley clients. Client information from Morgan Stanley may have been stored on the contested IT equipment.<\/p>\n\n\n\n
\u2022 Social Security Numbers,
\u2022 Maiden Names,
\u2022 Past and Current Work and Home Addresses,
\u2022 Driver’s License Numbers,
\u2022 Personal Income,
\u2022 Asset Holding Information,
\u2022 Passports,
\u2022 Telephone and Cell Numbers,
\u2022 Family Members’ Information,
\u2022 Dates of Birth.<\/p>\n\n\n\n
All of this data is PII and poses a significant risk of identity theft, which in turn can cause incalculable harm.<\/p>\n\n\n\n
If you are a Morgan Stanley client who received a data breach notification letter in July 2020 and\/or June 2021 informing you that your Personal Information may have been compromised in Data Security Incidents, you may be entitled to benefits under this class action Settlement.<\/p>\n\n\n\n
If you have not received a unique code but believe you are a Settlement Class Member, there’s the number to call\u00a0to verify your identity and obtain additional information:1-855-604-1744<\/strong><\/p>\n\n\n\n Morgan Stanley has agreed to establish a $60 million class action settlement fund to fully resolve and release the claims of the Settlement Class Members related to the Data Security Incidents.<\/p>\n\n\n\n Members who meet the requirements are eligible to earn a portion of the $60 million fund for each of the following:<\/p>\n\n\n\n The settlement marks the final closure of an incident that has lasted nearly five years. Morgan Stanley issued a notification to customers in July 2020, alerting them to two potential incidents involving personal information.<\/p>\n\n\n\n According to the firm, a vendor may not have erased all information – including client data – from hard drives during the decommissioning of two data centers in 2016. It also stated in 2019 that a server from a branch office may have been lost during a hardware refresh, and that part of the wiped data may still be on the disk and unencrypted.<\/p>\n\n\n\n Morgan Stanley was fined $60 million by the US Office of the Comptroller of the Currency (OCC) in 2020 for failing to properly decommission two wealth management data centers in 2016. The bank “failed to exercise proper oversight” of the decommissioning of the two US-based sites, according to the OCC.<\/p>\n\n\n\n As a result of the breach, the corporation was hit with eight lawsuits, which were later consolidated into a single class-action complaint. The corporation was accused of “ignoring industry standards” when it came to proper IT Asset Disposal (ITAD).<\/p>\n\n\n\n According to court documents, the bank fired IBM in favor of an “unknown and unqualified vendor” to decommission its computer equipment as part of “profit-driven decisions” to save $100,000. After that, the bank hired Triple Crown to remove, wipe, and discard the devices.<\/p>\n\n\n\n Instead of properly disposing of the devices, Triple Crown allegedly sold them to another ITAD firm, AnythingIT, and represented to Morgan Stanley that they had been destroyed. AnythingIT then neglected to clean the devices before selling them to KruseCom, another ITAD business that either destroyed or sold the devices.<\/p>\n\n\n\n Despite the fact that some lost hardware was never recovered, the bank has stated that no clients were harmed as a result of the data loss.<\/p>\n\n\n\n The bank removed and replaced around 500 Wide Area Application Services from branch offices in the 2019 incident, and was unable to account for all of the devices during a subsequent inventory. According to the manufacturer, a ‘software error’ meant that some deleted data could remain unencrypted on the disk.<\/p>\n\n\n\n Morgan Stanley is a global leader in investment banking, and corporations, organizations, and governments rely on it. They advise clients on mergers, acquisitions, restructurings, initial public offerings (IPOs), convertibles, share repurchases, debt issues, derivatives, and other transactions.<\/p>\n\n\n\n Morgan Stanley was accused by federal regulators of “astonishing” mistakes that resulted in the mishandling of sensitive data on approximately 15 million customers.<\/p>\n\n\n\n You can choose from the entire portfolio of managed account programs, which are tailored for varying levels of financial experience and sophistication and have asset minimums as low as $5,000.<\/p>\n\n\n\n Customers’ Social Security numbers and birth dates were not completely erased from the decommissioned data center equipment, and the equipment went lost. They stated that a software error left data on the old systems unguarded.<\/p>\n\n\n\nWhat to get\u2026<\/span><\/h4>\n\n\n\n
\n
Morgan Stanley Data Security Settlement: Conclusion<\/span><\/h2>\n\n\n\n
Read also: Cybersecurity Awareness Month: All You Need to Know<\/a><\/span><\/h4>\n\n\n\n
What is Morgan Stanley known for?<\/h2>\n\n\n\n
How many people were\u00a0impacted by the Morgan Stanley data breach?<\/h2>\n\n\n\n
How much money do you need to be a client of Morgan Stanley?<\/h2>\n\n\n\n
What really occurred in the Morgan Stanley data breach?<\/h2>\n\n\n\n