The Business-Technology Weave

Jul 6 2011   5:50PM GMT

Data Breach at Morgan Stanley: 34,000 customers at risk

David Scott David Scott Profile: David Scott

 

From Morgan Stanley comes word that two unencrypted CDs have gone missing.  They were sent, and actually delivered – to a government tax office; the New York State Department of Taxation and Finance.

 

However, apparently the package containing the CDs has either gone missing from the desk of the recipient – or – the package arrived at the desk, seemingly intact, but did not contain the expected CDs… depending on what article you read.  One thing seems fairly certain, being that Morgan Stanley has issued an apology and warning:  The two CDs were sent, did not reach the intended recipient, and are missing.

 

The CDs are password protected, but that’s mere child’s play these days for anyone who wants to break a password.  The idea that these sensitive discs, by virtue of very sensitive data, were not encrypted is quite hard to believe.  Someone was either too lazy to follow a protocol and perform the encryption, or – worse, Morgan Stanley has lax policy and standards regarding encryption and protection of data.

 

If one person is remiss that’s – literally – one thing.  That person can be disciplined, trained, or fired.  However, if there’s lagging policy and standards regarding data protection, handling (certified mail anyone?  Secure courier service?… etc.), and encryption – then that’s indicative of a systemic, organizational, fall down.  It’s time for a complete survey of business and IT practices, training programs, and day-to-day standards and comprehensions at Morgan Stanley.

 

It’s 2011.

 

The bank has had to notify customers that, at the least, names, addresses, earned income on investments, and tax ID numbers may be compromised.  Social security numbers frequently serve as tax ID numbers, and Morgan Stanley has offered a year of credit monitoring services for clients whose SSNs were exposed.

 

Morgan Stanley was notified on June 8th that the CDs were missing.  An exhaustive search was made through all facilities the CDs and associated package passed through – however, it wasn’t until June 24th that Morgan Stanley notified customers – via mail.

 

Remember:  Your number one asset is your reputation… your next asset is your customers.  Without those, your employees don’t have much reason to show up.  Take a look at your business processes and associated security – now.

 

On this day:  On July 6th, 1924, the first photograph was sent across the Atlantic by radio, from the US to England.

 

 

 

 

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: