Your IT Consultant

Lack of Supervision Gets Morgan Stanley a $35M Fine

September 21, 2022

In 2015, Morgan Stanley decommissioned datacenters and disposed of hard drives and backup tapes containing people’s personal data. Apparently, Morgan Stanley Smith Barney (MSSB aka Morgan Stanley Wealth Management) didn’t verify or monitor the proper destruction according to a post in The Register. The SEC imposed a $35M fine “after customers’ sensitive records were left unencrypted on unwiped hard drives that were auctioned off after decommissioning.” Morgan Stanley hired a company that had no experience in the proper disposal of equipment that contains sensitive information. Busted.

It doesn’t matter if you are getting rid of your company’s computers or your own personal devices. You should always wipe any hard drives and factory reset any mobile device before selling or recycling it. Even though Morgan Stanley was fined $35M, it’s a drop in the bucket considering that it generates billions of dollars in profit each month.

Email:   Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com