Morgan Stanley Fined $35 Million For Security Lapses

By ISBuzz Staff
Editorial Team, Information Security Buzz | Sep 22, 2022 10:17 am PST

Morgan Stanley has agreed to pay a $35 million penalty for data security lapses, including unencrypted hard drives from decommissioned data centres being resold on auction sites without first being wiped.

1 Expert Comment
Jordan Schroeder, Managing CISO
InfoSec Expert
September 22, 2022 6:18 pm

This is an astonishing security mistake by one of the world’s most prestigious banks, who would be expected to have well-established procedures in system life cycle management.

Not only does the situation mean that the bank put customer data at risk, but it also demonstrates the organisation was not following an expected policy which explained the secure disposing of IT equipment. Such a large fine, and the impact to Morgan Stanley customers, is an avoidable consequence.

Other businesses must use this case as an example of why it is critical to have processes in place on how to properly dispose of IT equipment. IT systems hold confidential information, so working with a trusted provider that can destroy data without putting it at risk is essential.

Any company that doesn’t do this will find itself breaching GDPR and other privacy regulations and could face similar fines.

Last edited 8 months ago by jordan.schroeder
