Morgan Stanley to pay $35 million fee for ‘astonishing’ customer data disposal practices

Jonathan Greig reports:

Morgan Stanley will pay a $35 million penalty to settle charges from the U.S. Securities and Exchange Commission for wide-ranging failures around properly disposing of hard drives and servers containing the personal information of some 15 million customers.

The company did not respond to requests for comment, but the SEC said in an order released Tuesday that the fines are centered around the privacy practices of its U.S. wealth management business — Morgan Stanley Smith Barney (MSSB).

Read more at The Record.

If you search DataBreaches.net for “Morgan Stanley,” you will find a number of reports, including one from earlier this year about a $60 million fine to settle a lawsuit about improper disposal by a vendor between 2016 and 2019.

UN Cybercrime Convention to be signed in Hanoi to tackle global offences
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Confidence in ransomware recovery is high but actual success rates remain low
Protected health information of 462,000 members of Blue Cross Blue Shield of Montana involved in Conduent data breach
Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted

Related: