GAMBIT MAGAZINE

Entertainment Unfiltered

Morgan Stanley Forgot To Wipe Customer Data From Old Hard Drives Before Dumping Them

B. Simmons September 22, 2022 in Tech Tagged , , , , - 2 Minutes
Morgan Stanley

First rule of hard drives: wipe the drives before getting rid of them.

It’s not necessarily every day a major firm creates a complete mess of their customer data. But it did happen with the investment firm Morgan Stanley Wealth Management (at the time known as Morgan Stanley Smith Barney). And it’s such a mess that the SEC has launched an investigation into the situation.

For a 5 year period starting in 2015, Morgan Stanley contracted a moving and storage company to discard their decommissioned hard drives. There were just three problems with this course of action:

  1. Morgan Stanley did not so much as attempt to wipe the drives of customer data (possibly their biggest mistake in the whole affair)
  2. Morgan Stanley did not encrypt any of the data on these drives at any point
  3. The company they hired had “no experience or expertise in data destruction services,” (according to the SEC)

While those first two are the biggest point of failure, here, the last is perhaps the most important. The SEC found that the company didn’t bother to wipe the drives, either. Even worse, they simply sold the drives to a third party, which in turn auctioned the drives off with that customer data intact. Most of the drives sold in this fashion are still unrecovered. As the SEC states:

A records reconciliation exercise undertaken by the firm during this decommissioning process revealed that 42 servers, all potentially containing unencrypted customer PII and consumer report information, were missing. Moreover, during this process, MSSB also learned that the local devices being decommissioned had been equipped with encryption capability, but that the firm had failed to activate the encryption software for years.

To put it bluntly, Gurbir S. Grewal, Director of the SEC’s Enforcement Division, was appalled:

MSSB’s failures in this case are astonishing. Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB fell woefully short in doing so. If not properly safeguarded, this sensitive information can end up in the wrong hands and have disastrous consequences for investors. Today’s action sends a clear message to financial institutions that they must take seriously their obligation to safeguard such data.

Gurbir S. Grewal

We legitimately live in a world where an investment firm has a lower level of infosec than Ted.

READ:  YouTube adds support for HDR videos

Source: PC Mag

About Author

B. Simmons

Based out of Glendale California, Bryan is a GAMbIT’s resident gaming contributor. Specializing in PC and portable gaming, you can find Bryan on his 3DS playing Monster Hunter or at one of the various conventions throughout the state.

See author's posts

Related Posts

ZOTAC GAMING Offers Massive Discounts During Amazon Gaming Week
April 30, 2024
Delta
Free Delta Emulator Now Available For iOS On The App Store
April 17, 2024
Windows 11
Windows 11 Start Menu To Slowly Get More Infested By Ads At Microsoft’s Behest
April 17, 2024

B. Simmons

Based out of Glendale California, Bryan is a GAMbIT's resident gaming contributor. Specializing in PC and portable gaming, you can find Bryan on his 3DS playing Monster Hunter or at one of the various conventions throughout the state.

Learn More →

You May Have Missed!

2 MinutesXbox 360
Video Games
Big Xbox 360 Sale featuring Non-Backwards-Compatible Games Ahead Of Impending Store Shutdown
May 14, 2024
5 MinutesRainbow Cotton Review
Game Reviews
Rainbow Cotton Remaster Review
May 10, 2024
3 MinutesEA
Video Games
EA Studios “Hunger” For The Chance To Start Using Generative AI, Says CEO
May 9, 2024
1 Minute
Movies Television News
Disney and Warner Bros. Discovery Announce Disney+, Hulu, Max Bundle
May 8, 2024