Morgan Stanley Reports Breach of Stock-Plan Client Data

Morgan Stanley on Thursday disclosed that a data breach at one of its contractors led to the theft of personal information about some customers whose stock accounts had gone dormant.

The bank said in a notice to affected clients that the cyber intrusion affected Guidehouse LLP, a consulting company that Morgan Stanley uses to find current addresses for clients of its stock-plan business whose accounts had been inactive for long periods of time and whose assets were at risk of being liquidated and turned over to the state.

The exposed information included customer names, dates of birth, Social Security numbers and company names but not passwords to access the accounts, the bank said.

The breach was previously reported by Bleeping Computer.

Morgan Stanley said Guidehouse discovered the breach in May and that it involved exploitation of a vulnerability in file-transfer software from Accellion Inc., whose products have been the target of a range of advanced attacks that were discovered in December.

“The protection of client data is of the utmost importance and is something we take very seriously,” Morgan Stanley said in a statement. It declined to comment on how many clients were affected. “We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients.”

Guidehouse didn’t immediately respond to messages on Thursday.

(Photo: Bloomberg)

Copyright 2021 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.