Morgan Stanley unit fined $35M for mishandling customer data
By 
Adrianne Appel2022-09-20T18:40:00
Morgan Stanley Smith Barney (MSSB) agreed to pay $35 million to settle Securities and Exchange Commission (SEC) charges it repeatedly disregarded the safeguarding of clients’ personal data.
The personally identifiable information of approximately 15 million MSSB customers was made vulnerable over a five-year period, beginning in 2015, because of failures by the firm to protect it, the SEC said in a press release Tuesday. MSSB is a wholly owned subsidiary of Morgan Stanley.
The trouble began when MSSB did not encrypt the personal data of customers stored on computer servers and hard drives, the SEC alleged. In 2016, the firm decommissioned two data centers and didn’t properly dispose of its computer servers and hard drives, the agency said.
Related articles
-
News BriefFINRA fines Morgan Stanley $1M for alleged documentation failures
The Financial Industry Regulatory Authority fined broker-dealer Morgan Stanley $1 million over alleged documentation failures related to risk management controls and supervisory procedures involving violations of the Market Access Rule.
-
News BriefSEC amends Reg S-P to require data breach notification within 30 days
The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
-
News BriefMorgan Stanley settles with states for $6.5M over mishandled data
Morgan Stanley agreed to pay $6.5 million as part of a settlement with six states requiring the firm to strengthen its data security after actions it took compromised the personal data of millions of customers.
More from Regulatory Enforcement
-
News BriefDOJ and CFTC close investigations into crypto betting platform Polymarket, report says
The U.S. Department of Justice (DOJ) and the Commodity Futures Trading Commission (CFTC) reportedly ended two investigations into Polymarket, a popular online crypto betting service that calls itself a “prediction market.” The move continues the Trump administration’s pro-crypt agenda.
-
News BriefFTC fines telehealth firm over deceptive weight-loss claims and fake reviews
The U.S. Federal Trade Commission said it has settled with telemedicine service Southern Health Solutions, Inc. over allegations the company used deceptive pricing and weight-loss claims, along with fake reviews and testimonials, to sell its weight-loss programs.
-
ArticleU.K. extends bullying and harassment rules to 37,000 financial services firms
Serious bullying and harassment count as misconduct in regulated financial services firms, per a July 1 clarification by the U.K. Financial Conduct Authority, which said non-financial misconduct rules now applied only to banks will extend to 37,000 more firms starting September 1, 2026.