Morgan Stanley fined $35 million: 42 servers lost, data not encrypted

time:2022-09-27 05:16:36 source:scripttoolbox.com author:Power Supply
Morgan Stanley fined $35 million: 42 servers lost, data not encrypted

IT House reported on September 22 that the U.S. Securities and Exchange Commission has fined Morgan Stanley Smith Barney (MSSB) $35 million (about 247 million yuan) for failing to protect the personal identification of its customers within five years Information (PII). The SEC claims that not only did Morgan Stanley fail to destroy its clients' personal data from hard drives that were about to be retired, it also hired unqualified firms to help destroy the hard drives. The SEC found that back in 2015, Morgan Stanley failed to properly dispose of storage devices containing its customers' PII. The committee also found that in multiple cases, Morgan Stanley contracted with a “moving and storage company with no experience or expertise” for data destruction services to retire thousands of HDD drives containing millions of customers’ personal information and server. However, instead of destroying the hard drives and servers, the companies that signed the contracts sold them to third parties, who were then sold on the Internet. In the end, Morgan Stanley found 42 servers were lost or stolen by contract companies. In addition, Morgan Stanley's decommissioned devices are inherently encrypted, but the company hasn't activated the encryption software for years. IT House understands that, without admitting or denying its findings, Morgan Stanley agreed to the SEC's order that the company violated the safeguards and disposition rules under Regulation S-P and agreed to pay the aforementioned fine.

(Responsible editor:Graphics card)

Related content