Morgan Stanley unit fined $35M for mishandling customer data
By 
Adrianne Appel2022-09-20T18:40:00
Morgan Stanley Smith Barney (MSSB) agreed to pay $35 million to settle Securities and Exchange Commission (SEC) charges it repeatedly disregarded the safeguarding of clients’ personal data.
The personally identifiable information of approximately 15 million MSSB customers was made vulnerable over a five-year period, beginning in 2015, because of failures by the firm to protect it, the SEC said in a press release Tuesday. MSSB is a wholly owned subsidiary of Morgan Stanley.
The trouble began when MSSB did not encrypt the personal data of customers stored on computer servers and hard drives, the SEC alleged. In 2016, the firm decommissioned two data centers and didn’t properly dispose of its computer servers and hard drives, the agency said.
Related articles
-
News BriefFINRA fines Morgan Stanley $1M for alleged documentation failures
The Financial Industry Regulatory Authority fined broker-dealer Morgan Stanley $1 million over alleged documentation failures related to risk management controls and supervisory procedures involving violations of the Market Access Rule.
-
News BriefSEC amends Reg S-P to require data breach notification within 30 days
The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
-
News BriefMorgan Stanley settles with states for $6.5M over mishandled data
Morgan Stanley agreed to pay $6.5 million as part of a settlement with six states requiring the firm to strengthen its data security after actions it took compromised the personal data of millions of customers.
More from Regulatory Enforcement
-
ArticleSan Francisco firm pays $11.4M for alleged Russia-related sanctions violations
A San Francisco-based private equity firm has agreed to pay $11.4 million to settle allegations it violated U.S. sanctions rules by handling investments for a sanctioned Russian oligarch.
-
ArticleCompany agrees to report to FTC for 10 years for alleged student data lapses
A tech company that stores student information for schools has agreed to implement a data security program and report to the Federal Trade Commission for 10 years, after security failures led to data for 10 million students being breached.
-
ArticleLarge wound care practice pays $45M, agrees to monitoring
One of the largest wound care practices in the nation and its founder have agreed to pay $45 million and be subjected to third-party monitoring, to settle allegations that the business intentionally overbilled Medicare by priming its electronic medical records system to do so.