This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Morgan Stanley admits to loss of unencrypted CDs

Share this article:

Morgan Stanley Smith Barney has admitted that CDs containing unencrypted information of 34,000 customers have been lost.

The information related to tax and were lost in transit to the New York State department of taxation and finance, according to Bloomberg. Those affected were notified last month and were told that the information contained some clients' account numbers and social security numbers, as well as interest earned on tax-exempt bonds and funds.

Morgan Stanley spokesperson Jim Wiggins said: “We've seen no evidence of criminal intent or actual misuse of this information. We were informed that the package appeared to be intact when it was received at the department, but when it was delivered internally to the intended recipient, the CDs were not there.”

A further joint search with the taxation department and the US postal service also failed to locate the CDs.

Chris McIntosh, CEO of ViaSat UK, said: “Disks are notoriously easy to lose and so every precaution must be taken to safeguard against accidental loss, especially when they include details such as social security and account numbers. The important lesson is that the value of information stored on these disks potentially runs into the hundreds of thousands of dollars, and it would have cost proportionately very little to either encrypt the data stored on these disks, or alternatively use an even more secure storage medium such as a fully encrypted USB drive.

“Although Morgan Stanley has declared they are exploring how to improve the security of data transmissions, they should have already been encrypting information as standard. Large companies like this need to take more measures to protect information otherwise they risk losing out both in terms of retaining customers and reputation, let alone any fines or other penalties that may still be to come.”

Mohan Koo, managing director of Dtex Systems, said that he believed this to be a sign that financial services organisations have the wrong attitude to securing client data, as despite investment in complex security, they are taking their eye off basic security when moving data around.

He said: “The recent announcement by Morgan Stanley should worry a lot of people. Not just because it's the next in a long line of data slip-ups and not just because it was so easy to avoid, but because it is a demonstration that financial services organisations are not watching what happens inside their systems as closely as they should.

“Of all the industries involved in handling personal data, organisations in the finance space should have total visibility of how data is moved and handled by their teams because the information they carry offers the greatest potential threat to people's money.

“This incident should be a wake-up call for all financial services organisations that if they don't know what their users are doing with data and cannot detect when proper security practices are being bypassed, then they will not be trusted to handle valuable personal financial information.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Microsoft warns on yet another zero-day security flaw

Microsoft warns on yet another zero-day security flaw

Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.

Google launches FIDO-compliant 2FA USB key for Chrome and Gmail

Google launches FIDO-compliant 2FA USB key for Chrome ...

Google has souped up its two-factor authentication (2FA) login process with the launch of Security Key, a physical USB that only works after verifying the login site is truly a ...

Evolving TorrentLocker ransomware generating big money

Evolving TorrentLocker ransomware generating big money

The TorrentLocker ransomware has returned with a vengeance and is starting to bring in big money for its operators.