Morgan Stanley Warns 34,000 Clients of Data Breach (Hacking Not to Blame)
Morgan Stanley Smith Barney has some bad news for 34,000 investment clients. In a notice posted on its website yesterday, the firm warned that their personal information "has been lost, and possibly stolen, in a data breach." The information includes clients' names, addresses, account and tax identification numbers, income earned on the investments in 2010, and in some cases, even Social Security numbers. Unlike in some recent hacker attacks, Morgan Stanley has only itself to blame in this case.
The outfit said all that juicy data was saved on two password-protected CD-ROMs, but the CDs were not encrypted. Morgan Stanley mailed the CDs to the New York State Department of Taxation and Finance, and while the package was intact when it reached its destination, by the time it made it to the desk it was intended for, the CDs were gone.
"There's no evidence that there was any criminal intent here, or actual misuse of this information," Jim Wiggins, a spokesman for Morgan Stanley, said in a phone interview with Credit.com.
Malicious intent or not, the lack of encryption on media containing personal information of thousands of clients is troubling, and Wiggins said his firm is "going to work with the state to see if we can improve the security of this data transmission." Also concerning is how long it took Morgan Stanley to warn customers their personal information is at risk. The state notified Morgan Stanley about the lost data on June 8, and it took the company two weeks to conduct an "exhaustive search" of all facilities the CDs passed through, Credit.com reports. Morgan Stanley mailed letters to clients on June 24.
One of the letters suggested clients check their financial statements for suspicious activity. In a second letter mailed only to clients whose Social Security or tax identification numbers were lost, the company said it would foot the bill for clients to enroll in a year's worth of credit monitoring services by Experian.
Comments
TerribleToaster
July 06, 2011 at 7:15am
Ignoring the brilliant idea of sending a CD of personal information unencrypted, through snail mail; with no guarding of any kind to ensure that, through all the changes of hands it will go through, it will be making it to the intended person:
Why even bother to password protect an unencrypted CD?
I'd face palm but I fear I'd break my nose with the force.
winmaster
July 09, 2011 at 7:19pm
Try a double facepalm instead. Perhaps the force will be distributed evenly between the two, allowing your nose to remain intact.
http://digitaldaily.allthingsd.com/files/2010/02/double-facepalm.jpg
EDIT: Dammit, knew the link was a bad idea. Now the SPAM filters are after me.
TerribleToaster
July 06, 2011 at 7:22am
Out of curiosity, why can we edit posts before they are responded to, but we cannot delete them?
It'd really help with Geminus Stipes Disorder.
skirge01
July 06, 2011 at 7:07am
"the company said it would foot the bill for clients to enroll in a year's worth of credit monitoring services by Experian."
How often do we hear this? I wonder if Experian has any field 'sales' employees...