Morgan Stanley Fined $35 Million For Security Lapses

By ISBuzz Team
Writer, Information Security Buzz | Sep 22, 2022 10:17 am PST

It has been announced that Morgan Stanley has agreed to pay a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centres being resold on auction sites without first being wiped.

Jordan Schroeder, Managing CISO
September 22, 2022 6:18 pm

This is an astonishing security mistake by one of the world’s most prestigious banks, who would be expected to have well-established procedures in system life cycle management.

Not only does the situation mean that the bank put customer data at risk, but it also demonstrates the organisation was not following an expected policy which explained the secure disposing of IT equipment. Such a large fine, and the impact to Morgan Stanley customers, is an avoidable consequence.

Other businesses must use this case as an example of why it is critical to have processes in place on how to properly dispose of IT equipment. IT systems hold confidential information, so working with a trusted provider that can destroy data without putting it at risk is essential.

Any company that doesn’t do this will find itself breaching GDPR and other privacy regulations and could face similar fines.
