Posted by: David Scott
From Morgan Stanley comes word that two unencrypted CDs have gone missing. They were sent, and actually delivered, to a government tax office: the New York State Department of Taxation and Finance.
However, depending on which article you read, the package containing the CDs either went missing from the recipient’s desk or arrived at the desk, seemingly intact, without the expected CDs. One thing seems fairly certain: Morgan Stanley has issued an apology and warning. The two CDs were sent, did not reach the intended recipient, and are missing.
The CDs are password protected, but that’s mere child’s play these days for anyone who wants to break a password. That discs holding such sensitive data were not encrypted is quite hard to believe. Either someone was too lazy to follow a protocol and perform the encryption, or, worse, Morgan Stanley has lax policy and standards regarding encryption and protection of data.
If one person is remiss, that’s, literally, one thing. That person can be disciplined, trained, or fired. However, if there are lagging policy and standards regarding data protection, handling (certified mail, anyone? Secure courier service? etc.), and encryption, then that’s indicative of a systemic, organizational failure. It’s time for a complete survey of business and IT practices, training programs, and day-to-day standards and understanding at Morgan Stanley.
The bank has had to notify customers that, at the least, names, addresses, earned income on investments, and tax ID numbers may be compromised. Social security numbers frequently serve as tax ID numbers, and Morgan Stanley has offered a year of credit monitoring services for clients whose SSNs were exposed.
Morgan Stanley was notified on June 8th that the CDs were missing. An exhaustive search was made through all facilities the CDs and associated package passed through; however, it wasn’t until June 24th that Morgan Stanley notified customers, via mail.
Remember: Your number one asset is your reputation… your next asset is your customers. Without those, your employees don’t have much reason to show up. Take a look at your business processes and associated security – now.
On this day: On July 6th, 1924, the first photograph was sent across the Atlantic by radio, from the US to England.