Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Morgan Stanley data exposure settlement overview:
- Who: Morgan Stanley agreed to pay $35 million to the Securities and Exchange Commission (SEC).
- Why: The settlement will put an end to an SEC investigation into allegations Morgan Stanley improperly decommissioned devices and exposed the data of millions of customers.
- Where: The Securities and Exchange Commission granted the settlement order.
Morgan Stanley Smith Barney LLC reportedly reached a $35 million settlement with the Securities and Exchange Commission (SEC) over allegations it improperly removed computer devices from its offices, exposing the data of millions of customers.
Insufficient oversight of data center decommissioning led to Morgan Stanley data exposure, SEC says
In 2016, Morgan Stanley allegedly hired a moving and storage company to decommission two data centers and “remove, destroy or delete” data contained on devices. However, the moving company allegedly did not have any experience with providing data destruction services.
Initially, the moving company reportedly worked with an e-waste management company to destroy data contained on the decommissioned devices. This working relationship ended, and the moving company allegedly began selling unwiped devices from Morgan Stanley’s data centers.
The SEC settlement documents note that the moving company sold nearly 5,000 information technology assets, including unwiped hard drives, some of which contained personal identifying information from Morgan Stanley customers.
In 2019, Morgan Stanley again allegedly failed to properly dispose of customer data when it decommissioned around 500 local devices and was unable to locate 42 of the decommissioned devices. The missing devices potentially contained unencrypted personal identifying information and consumer report information.
The SEC determined that Morgan Stanley failed to take reasonable measures to protect consumer data when it decommissioned devices and failed to implement policies and procedures that were adequately designed to protect the confidentiality of customer records.
SEC statement calls failures leading to Morgan Stanley data exposure ‘astonishing’
“[Morgan Stanley’s] failures in this case are astonishing,” Gurbir Grewal, the director of the SEC’s division of enforcement, says in a statement.
“If not properly safeguarded, this sensitive information can end up in the wrong hands and have disastrous consequences for investors,” Grewal says.
Morgan Stanley did not admit any wrongdoing but agreed to the settlement to put an end to the SEC’s investigation into the Morgan Stanley data exposure incident.
In related news, Morgan Stanley recently agreed to pay $60 million to resolve a Morgan Stanley data exposure class action lawsuit that would allow eligible class members to seek up to $10,000 in reimbursement for out-of-pocket expenses related to the data breaches.
The deadline to file a claim for the Morgan Stanley data exposure settlement passed on Aug. 11, 2022.
What are your thoughts about the Morgan Stanley data exposure settlement with the SEC? Tell us about it in the comments!
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
2 thoughts onMorgan Stanley to pay SEC $35M to settle data exposure inquiry
This action against Morgan Stanley for every state in USA
Add me