- Joined
- May 5, 2013
- Messages
- 148
- Points
- 0
Morgan Stanley fires employee who ‘stole account data from 350,000 clients’
PUBLISHED : Tuesday, 06 January, 2015, 11:01am
UPDATED : Tuesday, 06 January, 2015, 11:01am
Reuters
Morgan Stanley says that about 10 per cent of its wealth management clients may have had their data stolen. Photo: AP
Morgan Stanley has fired an employee for allegedly stealing account information from as many as 350,000 of its wealth management clients and posting some of it on the Internet, the bank said in a statement.
The bank discovered the theft and disclosure of some of the client data on a website on Dec. 27 as part of a routine Internet sweep and quickly got the information taken down, a person familiar with the matter said on Monday.
Morgan Stanley said there is no evidence any clients lost money as a result of the data breach and that sensitive information like passwords or Social Security numbers was not included in the online post.
The former employee publicized information of about 900 clients, including names and account numbers, in what appeared to be an advertisement to sell data to a party who would be willing to pay for it, the person said.
Account numbers for the 900 clients have since been changed, and Morgan Stanley has been notifying affected clients about the data theft.
Morgan Stanley’s investigation into the matter is ongoing, and the bank declined to name the employee or the website. It has referred the matter to regulators and law enforcement authorities, who are conducting separate investigations.
However, a lawyer for the employee identified him as Galen Marsh, 30, and said that he never intended to sell the information and “is extremely sorry for his conduct”.
Marsh “acknowledged that he should not have obtained the account information and has been cooperating with Morgan Stanley to protect the firm and its customers,” his lawyer, Robert C. Gottlieb of Gottlieb and Gordon LLP, told Bloomberg in a phone interview.
While the former employee posted some data on about 900 wealth management clients, he downloaded more information on about 350,000, or around 10 percent of the bank’s total, Morgan Stanley said.
But Bloomberg reported Gottlieb as saying Marsh “did not sell nor ever intend to sell any account information whatsoever”.
“He did not post the information online. He did not share any account information with anyone nor use it for any financial gain. He is devastated by what has occurred and is extremely sorry for his conduct.”
The lawyer declined to comment to Bloomberg about why his client obtained the data.
Data security has become an increasingly big risk and budget item for major financial firms in recent years. Though the focus has largely been on risks posed by external hackers, some experts say inside sources can be just as big of a threat.
For instance, the cybersecurity firm Norse says it suspects a Sony insider might have helped launch the recent attack that led to the disclosure of embarrassing internal emails, among other data.
It was not immediately clear how the Morgan Stanley employee was able to breach compliance protocol to steal the client information and post it on the Web.
The person familiar with the matter, who was not authorized to speak publicly, said the former employee used an outside application to post the data externally. The bank has since restricted employee access to that application.
