• Home
  • Shop
  • Privacy Policy
  • Terms and Conditions
Tech News, Magazine & Review WordPress Theme 2017
  • Home
  • Blog
  • Android
  • Cars
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • Sci-Fi
No Result
View All Result
  • Home
  • Blog
  • Android
  • Cars
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • Sci-Fi
No Result
View All Result
Blog - Creative Collaboration
No Result
View All Result
Home Internet

$35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned

September 20, 2022
Share on FacebookShare on Twitter

Getty Images

Morgan Stanley on Tuesday agreed to pay the Securities and Exchange Commission (SEC) a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centers being resold on auction sites without first being wiped.

The SEC action said that the improper disposal of thousands of hard drives starting in 2016 was part of an “extensive failure” over a five-year period to safeguard customers’ data as required by federal regulations. The agency said that the failures also included the improper disposal of hard drives and backup tapes when decommissioning servers in local branches. In all, the SEC said data for 15 million customers was exposed.

“Astonishing failures”

“MSSB’s failures in this case are astonishing,” said Gurbir S. Grewal, director of the SEC’s enforcement division, using the initials for Morgan Stanley Smith Barney, the full name of the firm. “Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB fell woefully short in doing so.”

Much of the failure stemmed from the 2016 hire of a moving company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the data of millions of customers. The moving company received 53 RAID arrays that collectively contained roughly 1,000 hard drives, and it also removed about 8,000 backup tapes from one of the Morgan Stanley data centers.

Advertisement

The unnamed moving company initially contracted with an IT specialist to wipe or destroy any sensitive data stored on the drives. Eventually, the moving company stopped working with that specialist and began selling the storage devices to a company that in turn sold them at auction. The new company was never vetted by Morgan Stanley or approved as a contractor or subcontractor in the decommissioning project.

In 2017, more than a year after the data center’s decommissioning, Morgan Stanley officials received an email from an IT consultant in Oklahoma, informing them that hard drives he purchased from an online auction site contained Morgan Stanley data.

In a complaint, SEC officials wrote, “In that email, Consultant informed MSSB that ‘[y]ou are a major financial institution and should be following some very stringent guidelines on how to deal with retiring hardware. Or at the very least getting some kind of verification of data destruction from the vendors you sell equipment to.’ MSSB eventually repurchased the hard drives in Consultant’s possession.”

The SEC action also said that many of the storage devices didn’t have encryption turned on, though the option existed. Even after the investment firm began using encryption options in 2018, only new data written to the disks was protected. In some cases, data still wasn’t properly encrypted because of a flaw in an unidentified vendor’s product.

Without admitting or denying the SEC claims, Morgan Stanley agreed to Tuesday’s finding that it violated the Safeguards and Disposal Rules under Regulation S-P and agreed to pay the $35 million penalty.

In a statement, Morgan Stanley officials wrote, “We are pleased to be resolving this matter. We have previously notified applicable clients regarding these matters, which occurred several years ago, and have not detected any unauthorized access to, or misuse of, personal client information.”

Next Post

Fitbit Sense 2 and Versa 4 Wi-Fi connectivity is curiously disabled

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Click Here!

Recent News.

iPhone’s Compass app is the best travel tool you’re not using

June 5, 2023

UAW seeks united, engaged membership as contract talks approach

June 5, 2023

Meta Quest 2 price permanently lowered after Quest 3 launch

June 5, 2023

Review – Call of the Sea VR (Quest 2) | WayTooManyGames

June 5, 2023

Mobile .

Amazon Prime could include cell service someday

June 4, 2023

Camera binoculars on sale for just $122

June 4, 2023

Score this personal AC for the lowest price online at $79

June 4, 2023

Best ChatGPT WordPress Plugin deal: 79% off

June 4, 2023

Recent News

iPhone’s Compass app is the best travel tool you’re not using

June 5, 2023

UAW seeks united, engaged membership as contract talks approach

June 5, 2023

Sci-Fi

Meta Quest 2 price drop: Now just $299

June 4, 2023
No Result
View All Result

Categories

  • Android
  • Cars
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • Sci-Fi
  • Home
  • Shop
  • Privacy Policy
  • Terms and Conditions

© CC Startup, Powered by Creative Collaboration. © 2020 Creative Collaboration, LLC. All Rights Reserved.

No Result
View All Result
  • Home
  • Blog
  • Android
  • Cars
  • Gadgets
  • Gaming
  • Internet
  • Mobile
  • Sci-Fi

© CC Startup, Powered by Creative Collaboration. © 2020 Creative Collaboration, LLC. All Rights Reserved.

Get more stuff like this
in your inbox

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

We respect your privacy and take protecting it seriously