It has been announced that Morgan Stanley has agreed to pay a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centres being resold on auction sites without first being wiped.
It has been announced that Morgan Stanley has agreed to pay a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centres being resold on auction sites without first being wiped.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This is an astonishing security mistake by one of the world’s most prestigious banks, who would be expected to have well-established procedures in system life cycle management.
Not only does the situation mean that the bank put customer data at risk, but it also demonstrates the organisation was not following an expected policy which explained the secure disposing of IT equipment. Such a large fine, and the impact to Morgan Stanley customers, is an avoidable consequence.
Other businesses must use this case as an example of why it is critical to have processes in place on how to properly dispose of IT equipment. IT systems hold confidential information, so working with a trusted provider than can destroy data without putting it at risk is essential.
Any company that doesn’t do this will find itself breaching GDPR and other privacy regulations and could face similar fines.