Second Morgan Stanley Data Compromise in Four Years Exposes Customers’ Personal Information
Dating back to 2016, data exposures for one financial service company has led to over 14 million customers’ personally identifiable information (PII) left unprotected. A recent Morgan Stanley data compromise exposed names, account numbers, Social Security numbers, passport numbers, contact information, birth dates and asset value and holdings data. If bad actors were able to access any of this PII, customers could be at risk of multiple types of identity theft.
What Happened
According to the California Attorney General notice, the first Morgan Stanley data compromise dates back to 2016, when the company closed two data centers and decommissioned the computer equipment in both locations. Morgan Stanley says they contracted a vendor to remove the data from the devices. However, some devices were left with some unencrypted data. In the 2019 data incident, the second Morgan Stanley data compromise, Morgan Stanley disconnected and replaced a computer server in a local branch office, which had encrypted disks that could have included PII. However, the company could not locate that device during a recent inventory. The Attorney General’s notification says the manufacturer later informed Morgan Stanley of a software flaw that could have resulted in previously deleted data remaining on the disks in unencrypted form.
What Does This Mean for You?
If a fraudster can get a hold of the exposed PII, they could sign up for lines of credit (for credit cards, utilities, cell phones, etc.) They could also file for benefits in the victim’s name like taxes, state benefits, unemployment and much more.
Next Steps to Take
Right now, Morgan Stanley says no unusual activity has been spotted. However, the company is encouraging everyone who could be affected to enroll in free Identity Restoration Services through Morgan Stanley. Other tips for victims of the Morgan Stanley data compromise include:
- Place a freeze on your credit
- File your tax returns as quickly as possible
- Sign up for my Social Security Account to monitor your Earned Income Statement
The Morgan Stanley data compromise also serves as a reminder that all businesses, regardless of size, need to be extra diligent when decommissioning old equipment. If it is not done correctly, many of their customers, vendors and other stakeholders could be negatively impacted.
Victims of the Morgan Stanley data compromise can also call the Identity Theft Resource Center toll-free at 888.400.5530 to speak with an expert advisor about a resolution process and ways to keep their PII safe. Live-chat with an advisor on the ITRC’s website. Finally, affected individuals can download the free ID Theft Help app to get direct access to advisors, track the steps in managing their breach case, helpful resources and much more.
You might also like…
Being Able to Identify a Phishing Attack is More Important Now Than Ever
Netflix Email Phishing Scam Could Steal Credit Card Information
Hacked Dating Apps are a Popular Target for Social Engineering Scams
How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the In the Loop.
Get ID Theft News
Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center