Morgan Stanley to pay $35 million to settle SEC charges it mishandled customer data

Send a link to a friend  Share

[September 20, 2022]  By Pete Schroeder
 
WASHINGTON (Reuters) - A Morgan Stanley unit has agreed to pay $35 million to settle Securities and Exchange Commission charges it repeatedly failed to safeguard personal information for millions of customers, the regulator said Tuesday.

The logo for Morgan Stanley is seen on the trading floor at the New York Stock Exchange (NYSE) in Manhattan, New York City, U.S., August 3, 2021. REUTERS/Andrew Kelly

The SEC said that for five years, Morgan Stanley Smith Barney failed to protect personal identifying information for 15 million customers. The firm agreed to pay the fine without admitting or denying its findings.

Dating back to 2015, the firm failed to properly dispose of devices containing sensitive information, including repeatedly hiring a moving and storage company with no proper expertise to decommission thousands of hard drives and servers, the SEC said. Those devices wound up being sold to a third party and ultimately auctioned online with the personal information intact and unencrypted. Only a portion of those devices were recovered, according to the regulator.

The SEC also said the firm lost track of 42 servers containing personal information when it was undergoing a hardware refresh program, and failed to activate existing encryption software on those devices for years beforehand.

"MSSB's failures in this case are astonishing. Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB fell woefully short in doing so," Gurbir Grewal, the SEC's enforcement director, said in a statement.

(Reporting by Pete Schroeder; Editing by Edwina Gibbs)

[© 2022 Thomson Reuters. All rights reserved.]
This material may not be published, broadcast, rewritten or redistributed.  Thompson Reuters is solely responsible for this content.

 

 

Back to top