Federal regulators in the United States filed an indictment against Morgan Stanley last Tuesday, September 20, claiming that unbelievable failures eventually led to the incorrect movement of confidential data of approximately 15 million customers of institution. The fine, of US$ 35 million, was applied by the Securities and Exchange Commission (SEC), considered as the CVM of United States due to extensive failures to protect its customers' personally identifiable information.
Read more: Check out the most researched banks when it comes to credit cards
see more
Large Brazilian banks, such as Bradesco and Caixa, are the target of malware…
Alert: these are the dangers of paying the minimum on your credit card bill…
Since approximately 2015, Morgan Stanley has failed to properly dispose of devices that had sensitive customer information and data, as requested in agreement.
As described by the SEC, Morgan Stanley bank hired a moving company, which had no experience or knowledge in the part of data destruction, in order to deactivate thousands of hard disks and servers that stored the information of its clients. That company later sold thousands of Morgan Stanley devices to third parties, and some of the items that were sold also contained personally identifiable information from former customers of the Bank.
It is worth noting that even after being sold, the products were also resold on an auction site in internet, being the same products that did not have confidential data removed as requested by the agreement. Some devices were recovered by the bank, containing “thousands of unencrypted customer data”, according to SEC information.
Morgan Stanley's "failures in this case are staggering," Gurbir Grewal, director of the SEC's Enforcement Division, said in a statement. “If not properly protected, this confidential information could end up in the wrong hands and have disastrous consequences for investors,” he added.
In addition to hard drives and servers, it was also discovered by the SEC that Morgan Stanley was unsuccessful in protecting customer data and being able to properly dispose of customer reporting information, even as the company shut down local servers and their branches. It was also possible, in an analysis, to discover 42 servers, where all contained potentially unencrypted data and consumer reporting information, where it appeared as “absent”. The bank agreed to pay the fine without taking the blame or denying whatever the conclusions of the settlement.
Lover of movies and series and everything that involves cinema. An active curious on the networks, always connected to information about the web.
