What You Need to Know
- The breach affected a contractor that Morgan Stanley uses to track down owners of dormant accounts.
- The exposed information included customer names, dates of birth, Social Security numbers and company names but not passwords, the bank said.
- Morgan Stanley said the breach involved exploitation of a vulnerability in file-transfer software from Accellion Inc.
Morgan Stanley on Thursday disclosed that a data breach at one of its contractors led to the theft of personal information about some customers whose stock accounts had gone dormant.
The bank said in a notice to affected clients that the cyber intrusion affected Guidehouse LLP, a consulting company that Morgan Stanley uses to find current addresses for clients of its stock-plan business whose accounts had been inactive for long periods of time and whose assets were at risk of being liquidated and turned over to the state.
The exposed information included customer names, dates of birth, Social Security numbers and company names but not passwords to access the accounts, the bank said.
The breach was previously reported by Bleeping Computer.