Security - Check Permissions

MFDF - Mutual Fund Directors Forum - Morgan Stanley Settles SEC Charges Over Failures to Protect Client Information

Member Login



Request an account

Sample Banner 1

Morgan Stanley Settles SEC Charges Over Failures to Protect Client Information

Morgan Stanley has agreed to pay $1 million to settle charges with the SEC “related to its failures to protect customer information, some of which was hacked and offered for sale online.”  The order states that from August 2001 through December 2014, Morgan Stanley stored sensitive personal identifying information on two web applications stored on the company’s intranet.  According to the SEC, a firm employee misappropriated data regarding 730,000 customers.  In December 2014, Morgan Stanley discovered the breach during a routine internet sweep and took steps to remove the data from the internet and notified authorities.  The employee denied posting the information on the internet, and an investigation revealed that the employee’s own personal server was likely hacked.  The director of the SEC’s Division of Enforcement, Andrew Ceresney, said, “[g]iven the dangers and impact of cyber breaches, data security is a critically important aspect of investor protection.  We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information.”