Home / Early Warning / Cybersecurity Highlights / Morgan Stanley fined for the sale of personal data

Morgan Stanley fined for the sale of personal data

09/20/2022

Morgan Stanley Smith Barney LLC (MSSB), a US multinational financial institution that operates as an investment bank and broker-dealer, has decided to pay a fine of USD 35 million to the US Securities and Exchange Commission (SEC) for having sold data on 15 million customers to third parties who auctioned this data on the Internet.

According to the SEC's ruling, the company used an external supplier to dispose of its old equipment, but did not realise that this contractor had resold its old equipment to another company, which then auctioned it online.

The SEC was able to demonstrate that thousands of unencrypted customer data existed, and has estimated that 42 servers with personal customer information are missing.