This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Morgan Stanley admits to loss of unencrypted CDs

Share this article:

Morgan Stanley Smith Barney has admitted that CDs containing unencrypted information of 34,000 customers have been lost.

The information related to tax and were lost in transit to the New York State department of taxation and finance, according to Bloomberg. Those affected were notified last month and were told that the information contained some clients' account numbers and social security numbers, as well as interest earned on tax-exempt bonds and funds.

Morgan Stanley spokesperson Jim Wiggins said: “We've seen no evidence of criminal intent or actual misuse of this information. We were informed that the package appeared to be intact when it was received at the department, but when it was delivered internally to the intended recipient, the CDs were not there.”

A further joint search with the taxation department and the US postal service also failed to locate the CDs.

Chris McIntosh, CEO of ViaSat UK, said: “Disks are notoriously easy to lose and so every precaution must be taken to safeguard against accidental loss, especially when they include details such as social security and account numbers. The important lesson is that the value of information stored on these disks potentially runs into the hundreds of thousands of dollars, and it would have cost proportionately very little to either encrypt the data stored on these disks, or alternatively use an even more secure storage medium such as a fully encrypted USB drive.

“Although Morgan Stanley has declared they are exploring how to improve the security of data transmissions, they should have already been encrypting information as standard. Large companies like this need to take more measures to protect information otherwise they risk losing out both in terms of retaining customers and reputation, let alone any fines or other penalties that may still be to come.”

Mohan Koo, managing director of Dtex Systems, said that he believed this to be a sign that financial services organisations have the wrong attitude to securing client data, as despite investment in complex security, they are taking their eye off basic security when moving data around.

He said: “The recent announcement by Morgan Stanley should worry a lot of people. Not just because it's the next in a long line of data slip-ups and not just because it was so easy to avoid, but because it is a demonstration that financial services organisations are not watching what happens inside their systems as closely as they should.

“Of all the industries involved in handling personal data, organisations in the finance space should have total visibility of how data is moved and handled by their teams because the information they carry offers the greatest potential threat to people's money.

“This incident should be a wake-up call for all financial services organisations that if they don't know what their users are doing with data and cannot detect when proper security practices are being bypassed, then they will not be trusted to handle valuable personal financial information.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Cyber security still a learning curve for most companies

Cyber security still a learning curve for most ...

Poor network visibility, outdated security tools, a skills shortage and a lack of control in the cloud are just some of the reasons companies are struggling with cyber-security, say two ...

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role ...

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) ...

'Sophisticated' Chinese hackers launched attacks against 43,000 computer systems

'Sophisticated' Chinese hackers launched attacks against 43,000 computer ...

A new report reveals that a Chinese cyber-espionage group is closely affiliated with government and carried out attacks against the likes of Fortune 500 companies and government agencies.