Morgan Stanley penalised US$1m over data theft
[WASHINGTON] US investment bank Morgan Stanley will pay US$1 million for lax protection of customer data after an employee took records on some 730,000 clients, the Securities and exchange Commission announced Wednesday.
The SEC said the bank did not adequately limit staff access to confidential customer account data, and that some of the data taken by the former employee eventually was posted for sale on the Internet by a third party.
The SEC said the employee, Galen Marsh, downloaded the confidential records between 2011 and 2014 and transferred them to his home computer server.
Then, according to the agency, "a likely third party" hacked into Marsh's server to access the data, some of which was then posted for sale online.
When the case first came to light in early 2015, Morgan Stanley said there was no evidence that customers had incurred any financial losses due to the data theft.
Marsh was later convicted for the theft and was sentenced to 36 months of probation and ordered to pay US$600,000 in restitution.
"Given the dangers and impact of cyber breaches, data security is a critically important aspect of investor protection," said Andrew Ceresney, director of the SEC Enforcement Division, in a statement.
"We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information," he said.
AFP
KEYWORDS IN THIS ARTICLE
BT is now on Telegram!
For daily updates on weekdays and specially selected content for the weekend. Subscribe to t.me/BizTimes
Banking & Finance
ADB agrees to US$5 billion funds replenishment with donors
Dollar drops as employers add fewer jobs than expected in April
HSBC has no plans to dispose of further businesses, chairman says
JPMorgan unveils IndexGPT in next Wall Street bid to tap AI boom
Morgan Stanley, Frasers settle UK lawsuit over US$1 billion margin call
Danske’s net income rises 9% helped by higher interest rates