Morgan Stanley fined $35m after devices with customer details were auctioned off online

Morgan Stanley will pay $35m to settle allegations that it scrapped computer servers and hard drives without ensuring they no longer held sensitive customer information, regulators said.

Some of the computer hardware was resold with customer data still on it, according to the Securities and Exchange Commission. The brokerage and the money-management firm agreed to pay the fine without admitting or denying wrongdoing, the SEC said.

The SEC also alleged that Morgan Stanley lost track of 42 computer servers that potentially contained unencrypted customer data. The missing servers were used in local offices where stockbrokers and investment advisers dealt with clients, the SEC said.

In a statement on 20 September, the SEC said the “devices including servers and hard drives, some of which contained customer PII [personal identifying information], and which were eventually resold on an internet auction site without removal of such customer PII”.

The conduct violated a regulation that requires brokers and money managers to protect the security and confidentiality of certain customer records, the SEC said.

The $35m fine represents a steep penalty for an alleged record-keeping misstep. Last year, the SEC imposed fines of $300,000 or less on three smaller financial-advisory firms accused of similar violations.

“If not properly safeguarded, this sensitive information can end up in the wrong hands and have disastrous consequences for investors,” SEC Enforcement Director Gurbir Grewal said.

Write to Dave Michaels at [email protected]

This article was published by The Wall Street Journal, part of Dow Jones

Most Related Links :
Daily News Era Latest News Sports News Finance News Automobile News

Root link

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button