The Securities and Exchange Commission (SEC) has ordered Morgan Stanley to pay a $35 million fine to settle data security allegations. According to the allegations, one of Morgan Stanley's units failed to secure the personal data of millions of customers when replacing hard drives and servers.
According to the SEC, Morgan Stanley improperly disposed of thousands of devices without checking that customer data had been deleted. The firm's failure to delete customer data resulted in nearly 15 million client details being compromised over five years, beginning in 2015.
The SEC shared that the violation occurred because Morgan Stanley hired an inexperienced moving company and failed to monitor the company's work. Morgan Stanley recovered some of the devices with thousands of pieces of unencrypted customer data. However, the vast majority of the devices were not found, according to AdvisorHub. Morgan Stanley's failure to supervise the outside vendor led to the sale of at least 4,900 information technology assets, including unwiped hard drives, some of which, cumulatively, contained thousands of pieces of its client data.
The SEC said that Morgan Stanley violated safeguards and disposal rules. Morgan Stanley agreed to pay the fine and settle the case without admitting or denying the allegations.
Financial Advisor Transitions consults advisors nationwide to explore employment transition options and to preserve and protect their practice in any transition that they make.
