Morgan Stanley (NYSE:MS) has agreed to a $6.5 million settlement with a group of state attorneys general, led by New York’s Letitia James, due to the investment firm’s negligence in properly decommissioning computers that contained unencrypted customer data. The oversight led to private consumer information being auctioned off and potentially exposed millions of customers, including approximately 1.1 million in New York.
The issue was uncovered when a purchaser of auctioned equipment found the sensitive data. An investigation revealed that Morgan Stanley hired an inexperienced moving company for the decommissioning of hard drives and servers, which resulted in the equipment being sold without erasing the private information. Additionally, during another decommissioning process, the firm discovered that 42 servers possibly containing unencrypted customer data were missing, attributed to a software encryption flaw.
As part of the settlement announced today, Morgan Stanley will implement several measures to strengthen its data security:
Read more at News.law