The financial services company Morgan Stanley has confirmed a partial client data leak in a statement published on its website. The firm reported that an employee posted the account information of approximately 900 wealth management clients, including names and telephone numbers.
The data was discovered by bank staff on the Pastebin file sharing service. Law enforcement suspects that the thief was looking to sell client information to criminal organizations specialized in identity theft. The stolen data doesn’t include Social Security numbers or users’ passwords.
Morgan Stanley claims it has contacted law enforcement and regulatory authorities, which have started an investigation into the case. Meanwhile, the firm announced that the wealth management employee involved “has been terminated.”
“While there is no evidence of any economic loss to any client, it has been determined that certain account information of approximately 900 clients, including account names and numbers, was briefly posted on the Internet. Morgan Stanley detected this exposure and the information was promptly removed.
Overall, partial account information of up to 10 percent of all Wealth Management clients was stolen. The data stolen does not include account passwords or social security numbers. The Firm is taking the precaution of notifying all potentially affected clients and instituting enhanced security procedures including fraud monitoring on these accounts.” reports the statement on the website.
Morgan Stanley promptly removed the data from the web and is informing its clients of the incident. The company quickly detected the compromise and has adopted all the necessary measures to mitigate the potential damage to its clients.
Morgan Stanley has identified the alleged culprit as Galen Marsh, who may have been trying to offer the client data online.
“Morgan Stanley MS +1.02% has a new kind of data breach: a rogue 30-year-old employee named Galen Marsh. The bank said Monday it fired an employee who stole account information from up to 10% of its total wealth management clients, including account names and numbers.” reported Forbes.
It seems that Mr. Marsh accessed the data of approximately 350,000 wealth management clients in total. He stole the information from internal systems without hacking them. This circumstance highlights the importance of properly segregating sensitive data, especially in the financial industry, and of deploying systems to detect potential compromise of customer data.
“This is an employment matter between Mr. Marsh and Morgan Stanley. He has acknowledged that he should not have obtained the account information and has been cooperating with Morgan Stanley to protect the firm and its customers,” Robert C. Gottlieb, an attorney representing Marsh, told Forbes in an emailed statement.
“To be clear, Mr. Marsh did not sell or ever intend to sell any account information to anyone. He did not post the information on-line, he did not share any account information with anyone or use it for any personal financial gain. He is devastated by what has occurred and is extremely sorry for his conduct,” Gottlieb added.
The FBI is currently investigating the data theft.
(Security Affairs – Morgan Stanley, data theft)