Morgan Stanley has been fined millions for failing to encrypt hardware

Morgan Stanley has been fined millions for failing to encrypt hardware ...

Morgan Stanley has reached an agreement with the US Securities and Exchange Commission (SEC) on claims that the financial services corporation failed to properly protect customer-sensitive data (opens in a new tab).

As part of the settlement, the company will pay $35 million, but will not admit to being guilty, or deny the SEC''s findings.

Morgan Stanley did not protect customer data due to poor storage techniques. This included apparently hiring a moving and storage company with no knowledge or experience in data destruction services to decommission thousands of hard disk drives (HDD) and servers, which were carrying unencrypted (opens in a new tab) personally identifiable information from millions of Morgan Stanley clients in 2015.

Losing servers

Instead of correcting the sensitive hardware, the company reportedly sold the goods to a third party, who, finally, sold them on an internet auction.

Moreover, the moving company managed to lose 42 servers.

"Customers give financial professionals the knowledge and expectation that they will be protected," said Gurbir S. Grewal, the director of the SEC''s enforcement division.

"This sensitive information may end up in the wrong hands, which may have disastrous consequences for investors," said one expert. Today''s action sends a clear message to financial institutions that they must take seriously their obligation to protect such data.

The data center commissioning process is a wide variety of work, with companies establishing and maintaining entirely ensuring that old and outdated storage units are properly cleaned, without divulging sensitive information to third parties.

Data has become an extremely valuable asset over the past decade, which prompted governments, privacy advocates, and various non-profits to pay closer attention to how important IT organizations collect, store, and share, customer information.