Morgan Stanley Insider Theft Affects Tenth of Wealth Management Clients

Morgan Stanley Insider Theft

Morgan Stanley says it has fired an employee who allegedly stole information from 10 percent of the firm’s wealth management clients with the intent of selling that data online.

The financial services giant Morgan Stanley announced yesterday that that an employee had stolen sensitive information pertaining to more than 900 of the firm’s wealth-management clients.

According to a company press release, the wealth management employee in question “has been terminated.” Furthermore, Morgan Stanley claims it has contacted the appropriate law enforcement and regulatory authorities. Law enforcement officials are currently investigating the matter.

The stolen data is said to include account names and numbers and telephone numbers but not passwords, credit card information or Social Security numbers.

A person familiar with the matter explained to Threatpost that Morgan Stanley believes that the wealth management employee who stole the information intended to sell it on the Internet. That person also explained that the employee stole the information from internal systems and that the theft involved no external hacking. In and of itself, the source noted, the stolen information could not be used to steal actual money from any of the affected customers.

To this point, there has been no evidence of any client suffering any economic harm, Morgan Stanley claimed. The firm says it is in the process of contacting affected clients, and it is also instituting enhanced security procedures including fraud monitoring on impacted accounts.

Wealth management clients are those that maintain a securities and cash management account at Morgan Stanley. Some ten percent of Morgan Stanley wealth management clients are implicated in the theft.

Suggested articles

Insider Threats: What Are They, Really?

“Insider threat” or “human error” shows up a lot as the major cause of data breaches across all types of reports out there. But often it’s not defined, or it’s not clearly defined, so people conjure up their own definition.