Close Close

Industry Spotlight > Wirehouse Firms

Morgan Stanley Fires Employee Accused of Stealing Client Data

Your article was successfully shared with the contacts you provided.

Morgan Stanley fired an employee it said stole data, including account numbers, for as many as 350,000 wealth management clients and posted some of the information online.

The bank alerted law enforcement and found no evidence that clients lost any money, New York-based Morgan Stanley said today in a statement. The firm said it detected account information for about 900 clients on an external website and “promptly” had it removed.

“Morgan Stanley takes extremely seriously its responsibility to safeguard client data, and is working with the appropriate authorities to conduct and conclude a thorough investigation of this incident,” the company said in the statement.

Banks are spending more to protect client data as hacking attacks increase and technology makes dissemination and use of data potentially more widespread. Government agencies and regulators around the world are urging greater vigilance to counter cybercrime after an attack against JPMorgan Chase & Co. last year compromised personal information of about 76 million households.

Morgan Stanley didn’t name the fired employee. The bank said it’s notifying all potentially affected clients, which represent about 10 percent of its wealth management customers, and enhancing security on those accounts. The Federal Bureau of Investigation’s New York office is investigating the matter, according to a person familiar with the matter who didn’t want to be identified because the probe isn’t public.

The information didn’t include passwords or Social Security numbers, according to the statement. Bank account and credit- card data also weren’t compromised, according to a person briefed on the bank’s investigation who asked not to be named because the probe is ongoing.

Application Disabled

The bank’s inquiry found the employee may have been seeking to sell the stolen information, though there was no evidence any third party received it, according to the person. The firm has disabled the application used to access the data, the person said.

In 2011, Morgan Stanley’s brokerage unit said unencrypted compact discs containing tax information for 34,000 clients were lost in transit to the New York State Department of Taxation and Finance. The firm said at the time it found no evidence the data was misused.

— Check out Top 10 Cybersecurity Trends for Financial Services in 2015 on ThinkAdvisor.