Wall Street giant Morgan Stanley announced on Monday it had terminated an employee it accused of stealing data, including account numbers, for as many as 350,000 clients in its wealth management division. The employee also allegedly posted personal account data for around 900 Morgan Stanley clients online.
The company immediately alerted law enforcement after it found out about the incident, and has found no evidence that any clients lost money, the brokerage firm noted in a statement Monday. Morgan Stanley said it found out about client account information for about 900 clients being posted on an external website and worked with law enforcement to have the information removed promptly.
Statement from Morgan Stanley
In its statement, the company noted: “Morgan Stanley takes extremely seriously its responsibility to safeguard client data, and is working with the appropriate authorities to conduct and conclude a thorough investigation of this incident.”
More details on client data theft
Of note, Morgan Stanley didn’t name the fired employee. The firm is notifying all potentially affected clients, around 10% of its wealth-management customers, and has beefed up security on those accounts.
The stolen data did not include passwords or Social Security numbers, according to the company’s statement. Moreover, no bank account or credit-card data was taken, according to a Bloomberg source briefed on the investigation who asked not to be named.
An initial investigation into the matter suggests that the employee may have been trying to sell the stolen data, although it is not believed any third party received any of the data, according to the Bloomberg source.
Back in 2011, a brokerage at Morgan Stanley announced unencrypted compact discs containing tax information for 34,000 clients were “lost in transit to the New York State Department of Taxation and Finance”. An investigation after the 2011 incident determined there was no evidence the data had been misappropriated or misused.