Morgan Stanley agreed to pay a $35m fine to the US SEC, down from the original suggestion of $60m in January 2022, over allegations that it failed to secure customer data when disposing of hard drives.
Morgan Stanley has denied claims of liability.
It is suggested that a third party auctioned the devices without removing the data, and without adequate oversight by Morgan Stanley.
The data security issue is thought to have impacted around 15 million clients, between 2015 and 2020.
At least 42 data servers were defined as “missing”, without adequate encryption on the hard drives.
The destruction of assets, including data and hardware, is an important part of any security programme.
There are also interesting implications for firms that are increasingly moving to “cloud” (other people’s servers) environments.
If you need help with your data security programme or asset disposals, contact us today: