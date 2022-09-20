Morgan Stanley paying $35 million to settle claims of failing to protect customer records
- Firm’s servers and hard drives were resold with customer data still on them, SEC says
Morgan Stanley will pay $35 million to settle allegations that it scrapped computer servers and hard drives without ensuring they no longer held sensitive customer information, regulators said.
Some of the computer hardware was resold with customer data still on it, according to the Securities and Exchange Commission. The brokerage and money-management firm agreed to pay the fine without admitting or denying wrongdoing, the SEC said.
The SEC also alleged that Morgan Stanley lost track of 42 computer servers that potentially contained unencrypted customer data. The missing servers were used in local offices where stockbrokers and investment advisers dealt with clients, the SEC said.
The conduct violated a regulation that requires brokers and money managers to protect the security and confidentiality of certain customer records, the SEC said.
The $35 million fine represents a steep penalty for an alleged record-keeping misstep. Last year, the SEC imposed fines of $300,000 or less on three smaller financial-advisory firms accused of similar violations.
“If not properly safeguarded, this sensitive information can end up in the wrong hands and have disastrous consequences for investors," SEC Enforcement Director Gurbir Grewal said.
A Morgan Stanley spokesperson said the firm was pleased to resolve the investigation. “We have previously notified applicable clients regarding these matters, which occurred several years ago, and have not detected any unauthorized access to, or misuse of, personal client information," the spokesperson said.
