EXCLUSIVE: Morgan Stanley Tells Customers of Potential Data Compromise
Morgan Stanley is offering some current and former wealth management customers a two-year free subscription to a credit report monitoring service to compensate for the potential compromise of personal data that was being stored on decommissioned hardware.
In a memo sent Thursday afternoon to the firm’s 15,400 brokers, field management head Vince Lumia said the issue stems from two data centers closed in 2016. Some servers and other hardware sold to recyclers after a vendor was hired to scrub the devices had some client data extant, he explained.
“[W]e concluded that it would be very difficult for anyone to access or misuse the data, given what we believe subsequently happened to those devices and the fact that many of the devices had design features that made it unlikely that data was accessed or misused,” Lumia wrote. “We have continuously monitored the situation—looking not only for data associated with our current clients, but any information indicating a breach of Morgan Stanley client data—and have not detected any unauthorized activity related to the incident.”
Morgan Stanley on Friday began contacting customers whose data may have remained on the devices as of Jan 31, 2016, offering the two-year subscription to their Experian credit reports “out of an abundance of caution,” said a person familiar with the events.
Such free credit-tracking offers often follow data breaches and are sometimes mandated by regulators, though the person emphasized that the hardware recycling incident has not involved hacking or compromised data and has not held up Morgan Stanley’s pending $13 billion acquisition of E*Trade Financial Corp.
Morgan Stanley is considering appropriate legal action against the firm hired to scrub the data, the person said, declining to name the vendor.
“The Capitol Forum,” which publishes legal analysis newsletters, disclosed the hardware scrubbing mistake in March, reporting that it could have prompted a delay in the E*Trade deal.
A Morgan Stanley spokeswoman declined to comment on how many current and former customers are receiving notifications.
Lumia’s email to his wealth management staffers came only hours before another embarrassing incident.
June commissions that were directly deposited into advisors’ Morgan Stanley Bank accounts on Friday were almost instantly withdrawn because of an issue involving pay vendor Automatic Data Processing, according to several advisors and other insiders.
Some advisors complained of negative balances because of pre-scheduled mortgage and other payments due on the tenth of the month that they had expected to be covered.
ADP informed Morgan Stanley Friday afternoon that it had resolved the technical issue and expected to transmit the deposits in the evening for availability by Saturday morning, said a person familiar with the issue.