Back in 2016, Morgan Stanley closed two data centers and hired a vendor to remove old equipment from the buildings. Subsequently, Morgan Stanley learned that some of the machines still contained unencrypted client data and had not been fully wiped clean, according to Think Advisor.
Flash forward to 2020. Morgan Stanley is unable to locate the equipment and have deemed it “missing.” Additionally, back in 2019, Morgan Stanley had replaced multiple servers across various branch locations. A filed complaint alleges that the discarded servers contain unencrypted data and that Morgan Stanley had also deemed those servers missing.
The missing equipment is said to contain “everything unauthorized third parties need to illegally use Morgan Stanley’s current and former customers’ PII (personal identifying information) to steal their identities and to make fraudulent purchases, among other things.”
The complaint states that the customers whose personal information resides on the discarded equipment face a “lifetime risk” of identity theft and their information being sold on the dark web.
Email: email@example.com Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology