fb

Second hand servers + personal data = $35 million

Second hand servers + personal data = $35 million

Morgan Stanley is one of the most renowned banks in the world. It started business on Wall Street in New York back in 1935 and has grown so that it now has a market capitalisation of around $150 billion and employs approximately 70,000.

It’s obviously good at a lot of things but one area it wasn’t so good at was looking after the personal data of about 15 million customers.

Probably one of the first things that come to mind when protecting the personal details of clients are the security systems to protect the data within the bank such as passwords, firewalls, etc.

The problem for Morgan Stanley though was the data that was in computer hardware that was scrapped.

The US Securities and Exchange Commission (SEC) accused Smith Barney (Morgan Stanley’s wealth management business), of “astonishing” shortcomings.

The problems arose when Morgan Stanley disposed of thousands of hard drives and servers.

On multiple occasions a moving and storage business with no experience in data destruction services was hired to decommission these hard drives.

In other words, the hard drives and servers which were being scrapped should have had all the personal details removed.

Unfortunately this didn’t happen and instead the moving business then sold thousands of these devices to a third party. This third party then resold them on an internet auction site.

Some of the devices were subsequently recovered but the SEC said that Morgan Stanley “has not recovered the vast majority of the devices”.

The devices which were recovered were found to contain “thousands of pieces of unencrypted customer data”.

The end result is that Morgan Stanley has agreed to pay a $35 million penalty to settle charges.

There’s a valuable lesson to be learnt from this as responsibility for the safeguarding of personal data remains with the organisation and this includes making sure that the destruction of hardware containing that data is done in such a way that the data is erased and does not find it’s way into other people’s hands.

Share this entry

Related articles

View All Articles

Recent articles

View All Articles
Comparing the Top 5 ACCA Platinum Online Course Providers
Dec 12, 2024
Title
Comparing the Top 5 ACCA Platinum Online Course Providers
Excerpt

If you’re looking to excel in your ACCA studies, choosing an ACCA Platinum Approved Learning Partner is a […]

Santa’s got a spreadsheet: office parties are changing
Dec 10, 2024
Title
Santa’s got a spreadsheet: office parties are changing
Excerpt

For generations, the annual office Christmas party has served as a time-honoured tradition—an opportunity for colleagues to celebrate […]

PlayStation turns 30: a game changer?
Dec 05, 2024
Title
PlayStation turns 30: a game changer?
Excerpt

This week it’s Happy 30th Birthday to Sony’s PlayStation. Whilst many a business student may have been longing […]

Ghosting the Algorithm: have dating apps lost their spark?
Nov 28, 2024
Title
Ghosting the Algorithm: have dating apps lost their spark?
Excerpt

In the digital age, anyone looking for romance would know about dating apps. Platforms like Tinder revolutionised how […]

Fake trades but real consequences
Nov 27, 2024
Title
Fake trades but real consequences
Excerpt

Macquarie Bank’s London branch was recently fined £13 million after a trader created fake trades to hide losses. […]

Splash out on a new purchase
Nov 25, 2024
Title
Splash out on a new purchase
Excerpt

The Swedish furniture giant IKEA often comes up with innovative advertising ideas. One of those was when they […]

Are you an adult or a kid (or both)?
Nov 19, 2024
Title
Are you an adult or a kid (or both)?
Excerpt

When was the last time you were in a toy shop or were browsing for toys online? If […]

Who invented double-entry bookkeeping?
Nov 12, 2024
Title
Who invented double-entry bookkeeping?
Excerpt

Double entry bookkeeping – for anyone who has studied accounting those 3 words may bring back fond (or […]