Tuesday, September 20, 2022

$35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned


$35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned

Enlarge (credit: Getty Images)

Morgan Stanley on Tuesday agreed to pay the Securities and Exchange Commission (SEC) a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centers being resold on auction sites without first being wiped.

The SEC action said that the improper disposal of thousands of hard drives starting in 2016 was part of an “extensive failure” over a five-year period to safeguard customers’ data as required by federal regulations. The agency said that the failures also included the improper disposal of hard drives and backup tapes when decommissioning servers in local branches. In all, the SEC said data for 15 million customers was exposed.

"Astonishing failures"

“MSSB’s failures in this case are astonishing,” said Gurbir S. Grewal, director of the SEC’s enforcement division, using the initials for Morgan Stanley Smith Barney, the full name of the firm. “Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB fell woefully short in doing so.”

Read 7 remaining paragraphs | Comments

Reference : https://ift.tt/82yQvEc

No comments:

Post a Comment

Spies hack Wi-Fi networks in far-off land to launch attack on target next door

One of 2024's coolest hacking tales occurred two years ago, but it wasn't revealed to the public until Friday at the Cyberwarcon c...