Morgan Stanley Smith Barney has notified as many as 34,000 clients about the loss of sensitive data including names, addresses, investment income earned in 2010, and tax identification numbers.
The data was stored on compact disks that were password protected, but the data itself was in an unencrypted format.
Morgan Stanley had mailed the data to the New York State Department of Taxation and Finance, which apparently had received the package intact. Sometime after receipt, the disks with the client information could not be located.
The department of taxation notified Morgan Stanley of the data loss on June 8, and the company reportedly searched for the lost disks for about two weeks before finally notifying affected clients on June 24.
A letter sent to customers that was obtained by Credit.com provided the following information:
“We are writing to inform you of a recent security incident involving the sensitive information of certain Morgan Stanley Smith Barney account holders. Morgan Stanley was recently notified by the New York State Department of Taxation and Finance that two password-protected CD ROMs included in the package received from Morgan Stanley Smith Barney were missing from the package when it was delivered to the intended recipient within the Department."
"The CD ROMs included sensitive information about your account that was sent as a requirement to New York State after filing annual 1099 tax forms. The sensitive information on the password-protected CD-ROMs included names, addresses, Social Security numbers, Morgan Stanley Smith Barney account numbers and income earned on tax exempt bonds or funds you hold or held in 2010... There’s no evidence that there was any criminal intent here, or actual misuse of this information."
Morgan Stanley has offered to pay for credit monitoring services from Experian for some of the affected clients, and notified all affected that they may receive free credit reports from all three credit monitoring services.