Morgan Stanley Reports Customer Data Breach

Wednesday, July 06, 2011



Morgan Stanley Smith Barney has notified as many as 34,000 clients about the loss of sensitive data including names, addresses, investment income earned in 2010, and tax identification numbers.

The data was stored on compact disks that were password protected, but the data itself was in an unencrypted format.

Morgan Stanley had mailed the data to the New York State Department of Taxation and Finance, which apparently had received the package intact. Sometime after receipt, the disks with the client information could not be located.

The department of taxation notified Morgan Stanley of the data loss on June 8, and the company reportedly searched for the lost disks for about two weeks before finally notifying affected clients on June 24.

A letter sent to customers that was obtained by provided the following information:

“We are writing to inform you of a recent security incident involving the sensitive information of certain Morgan Stanley Smith Barney account holders. Morgan Stanley was recently notified by the New York State Department of Taxation and Finance that two password-protected CD ROMs included in the package received from Morgan Stanley Smith Barney were missing from the package when it was delivered to the intended recipient within the Department."

"The CD ROMs included sensitive information about your account that was sent as a requirement to New York State after filing annual 1099 tax forms. The sensitive information on the password-protected CD-ROMs included names, addresses, Social Security numbers, Morgan Stanley Smith Barney account numbers and income earned on tax exempt bonds or funds you hold or held in 2010... There’s no evidence that there was any criminal intent here, or actual misuse of this information."

Morgan Stanley has offered to pay for credit monitoring services from Experian for some of the affected clients, and notified all affected that they may receive free credit reports from all three credit monitoring services.


Possibly Related Articles:
Data Loss Encryption Headlines Financial breach Consumers Morgan Stanley CD ROM
Post Rating I Like this!
Kelly Colgan Many people receive letters and just toss them...or worse, they panic. Here are some tips to ensure your information (especially if compromised), isn't being improperly used:

1. Read the notice carefully to learn what information may have been exposed and how. (Keep the notice in case you ever need to prove that your data was compromised through no fault of your own.)

2. If you're offered a year of free credit monitoring, take it.

3. Pay extra attention to your account and billing statements. Check for charges that aren't yours.

4. After about 30 days (long enough for fraudulent activity to show up), log on to to get a free copy of your credit report from each of the three major credit bureaus. Look for any unusual activity.

Kelly Colgan, Identity Theft 911
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.