Banking giant pays $6.5M for data breach. In CT, 200,000+ had personal information exposed

Kenneth R. Gosselin, Hartford Courant

November 16, 2023 at 2:21 PM·3 min read

Connecticut will share in a $6.5 million settlement with Morgan Stanley to resolve a complaint the investment banking giant compromised the personal information of its clients because of negligent internal data security practices.

In Connecticut, 220,000 Morgan Stanley clients were affected. The settlement is being shared with five other states, with Connecticut receiving $754,000. The proceeds will go into the state’s general fund.

Connecticut Attorney William Tong said there was a breakdown in security practices when old computer devices were decommissioned and there was a failure to erase unencrypted data that exposed the personal information of millions of consumers.

“Morgan Stanley failed to employ basic data security measures when selling-off old computer devices,” Tong said, in a release. “Their negligence exposed personal data for hundreds of thousands of their Connecticut customers. In addition to a substantial payment, our settlement today forces Morgan Stanley to commit to a series of strong data security measures to ensure these careless errors do not occur again.”

In a statement, a Morgan Stanley spokesperson said: ““We have previously notified all potentially impacted clients regarding these matters, which occurred several years ago, and are pleased to have resolved this related investigation.”

As far back as 2015, Tong said, Morgan Stanley failed to properly dispose of devices containing its customers’ personal information by hiring a moving company with no experience in data destruction services. The company, Tong said, failed to monitor the moving company’s work, and the computer equipment was sold via internet auctions, some of which contained customer data. The company was not alerted to the problem until a downstream purchaser discovered the data and called the company, Tong said.

In a second incident, a records reconciliation exercise undertaken by the company during a decommissioning process revealed that 42 servers, all potentially containing unencrypted customer information, were missing, Tong said.

The investigation finds that Morgan Stanley had failed to maintain adequate vendor controls and hardware inventories, and that had these controls been in place, both data security events could have been prevented.

The security incident at Morgan Stanley, which first surfaced in media reports in 2020, was not related to an external hack or breach.

The settlement agreement also calls for Morgan Stanley to:

• Maintain a comprehensive information security program that includes regular updates that are necessary to reasonably protect the privacy, security, and confidentiality of personal information;

• Maintain an incident response plan that documents incidents and actions taken in relation to the incidents;

• Maintain a written policy that governs the collection, use, retention, and disposal of consumers’ personal information;

• Encrypt all personal information, whether stored or transmitted, between documents, databases, or elsewhere;

• Employ a manual process and automated tools to keep track of locations of all hardware that contains personal information;

• Maintain a vendor risk assessment team to assess and monitor that their vendors are in compliance with Morgan Stanley’s data security requirements.

Connecticut was joined in settlement by New York, Florida, Indiana, New Jersey and Vermont.

Kenneth R. Gosselin can be reached at kgosselin@courant.com.

Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
Yahoo Sports
Kentucky Derby: Mystik Dan wins in three-horse photo finish, outruns favorite Fierceness in stunning upset
The 150th Kentucky Derby produced yet another magnificent two-minute spectacle.
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
Yahoo Sports
Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns
Ball hasn't played since the 2021-22 season.
Yahoo Sports
Anthony Edwards' arrival should have the Nuggets — and the entire league — on high alert
The Timberwolves' rising superstar led Minnesota to a Game 1 victory over Denver, then reminded the world that he's 22, not 23 ... yet.
Yahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.
Yahoo Sports
The best QBs for 2024 fantasy football according to our analysts
The Yahoo Fantasy football analysts reveal their first quarterback rankings for the 2024 NFL season.
Yahoo Sports
Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans
Caitlin Clark fans beware: You never know what the 20-year veteran might say … or do.
Yahoo Sports
Canelo Álvarez and Oscar De La Hoya erupt in heated exchange ahead of title bout with Jaime Munguía
Canelo Álvarez is set to defend his title against undefeated Jaime Munguía on Saturday in Las Vegas.
Autoblog
Why did Musk ax the Supercharger team?
Elon Musk’s decision to dismiss much of Tesla’s Supercharger team this week came as a shock. A look at possible reasons why he did it.
Yahoo Sports
Fantasy Baseball Waiver Wire: 7 pickups ready to improve your squad
Andy Behrens has a fresh batch of priority adds to help give your fantasy team a boost, led by a player set to make his season debut.
Yahoo Sports
Caitlin Clark catches fire from 3 in WNBA preseason debut; Arike Ogunbowale's late heroics send Wings past Fever
Caitlin Clark’s WNBA preseason debut went much like her senior year at Iowa. She hit a bunch of 3s and did so in front of a sold-out crowd.
Yahoo Sports
Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46
The Seminoles lost 23-16 to Tennessee in the first-ever BCS title game.
Yahoo Sports
UFC 301: Alexandre Pantoja survives bloody wounds and bad advice to retain flyweight belt vs. Steve Erceg
A challenger with less than a year of UFC experience gave Pantoja plenty of problems. And wounds.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Banking giant pays $6.5M for data breach. In CT, 200,000+ had personal information exposed

Recommended Stories

The FDIC change that leaves wealthy bank depositors with less protection

Former NBA guard Darius Morris dies at 33

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

Kentucky Derby: Mystik Dan wins in three-horse photo finish, outruns favorite Fierceness in stunning upset

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

NFL Draft grades for all 32 teams | Zero Blitz

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns

Anthony Edwards' arrival should have the Nuggets — and the entire league — on high alert

CVS stock plunges after earnings numbers one analyst 'did not even believe'

The best QBs for 2024 fantasy football according to our analysts

Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans

Canelo Álvarez and Oscar De La Hoya erupt in heated exchange ahead of title bout with Jaime Munguía

Why did Musk ax the Supercharger team?

Fantasy Baseball Waiver Wire: 7 pickups ready to improve your squad

Caitlin Clark catches fire from 3 in WNBA preseason debut; Arike Ogunbowale's late heroics send Wings past Fever

Ex-Florida State QB and 1999 Fiesta Bowl starter Marcus Outzen dies at 46

UFC 301: Alexandre Pantoja survives bloody wounds and bad advice to retain flyweight belt vs. Steve Erceg