Morgan Stanley to pay $60 million USD fine for confidential data leaking

The financial multinational Morgan Stanley agreed to pay $60 million USD to settle a lawsuit filed by around 15 million customers, who claim that the company exposed their personal data at least twice during a process of information systems transition.

According to the lawsuit, in 2016 Morgan Stanley made multiple mistakes in dismantling and formatting two data centers that would eventually be resold to third parties. The plaintiffs also argue that information from some older servers was improperly transferred to a third-party provider.

After a months-long legal dispute, Morgan Stanley agreed to pay a $60 million fine to settle the allegations from the U.S. Office of the Comptroller of the Currency, acknowledging that its information security practices could be better.

The resolution stipulates that affected customers will receive two years of an electronic fraud protection service, in addition to each of those affected being able to request a refund of up to $10,000 USD. While the company continues to deny the bad practices of which it is accused, it ensures that its internal systems continue to be analyzed to prevent any security incidents.

Morgan Stanley has not responded to multiple requests for information sent by members of the cybersecurity community.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.