U.S. regulators have fined Morgan Stanley $35 million for “outrageous” failures to protect customer data.
of US Securities and Exchange Commission said Tuesday that the Wall Street bank’s wealth management business failed to protect information identifying about 15 million customers in five years.
According to the SEC, since at least 2015, banks that have agreed to settle claims without admitting or denying accusations have failed to properly dispose of devices that store their customers’ personal data.
Morgan Stanley The agency said it hired movers who don’t specialize in data destruction to disable thousands of servers and hard drives.
The movers then sold thousands of bank devices to third parties, some of which contained customer data, and were eventually resold on online auction sites. According to the SEC, banks have recovered some of the equipment, but not most.
Authorities also found that Morgan Stanley failed to protect customer data when shutting down some servers on its network. During this process, the bank realized that his 42 servers, which may have stored unencrypted personal information of customers, were missing.
Morgan Stanley did not immediately respond to a request for comment.
Gurbir Grewal, the head of the SEC’s law enforcement division, described Morgan Stanley’s failure as “amazing.”
“Today’s action sends a clear message to financial institutions that they must take their obligations to protect such data seriously,” Grewal said in a statement.
This penalty is significantly higher than the $1 million fine that wealth management businesses agreed to pay the SEC for similar violations in 2016. The same division also reached a settlement in a class action lawsuit over a data breach. This included creating her $60 million fund to compensate victims.
Morgan Stanley completed the full acquisition in 2012 after acquiring a majority stake in Citigroup’s Smith Barney Asset Management business in 2009.
The division played a central role in Morgan Stanley’s foray into wealth management and efforts to reduce its reliance on investment banking and trading.
The move against Morgan Stanley comes as the SEC increases its scrutiny of Wall Street’s record-keeping practices.Agencies launch investigations into telecom storage spread across banking sector, lenders prepare for payments Fines of over $1 billion to the SEC and the Commodity Futures Trading Commission.
JP Morgan agreed to make record payments to US regulators in December $200 million Failure to keep records of employee communications on personal devices.
https://www.ft.com/content/9aed6933-1c96-402e-a194-069c8ed3306c SEC finds sensitive Morgan Stanley device auctioned online