A fine of $ 60 million was imposed on Morgan Stanley, from Office of the Comptroller of the Currency, for the failure of the investment bank to properly supervise the safety of its data centers, setting them data of its customers at risk.
When Morgan Stanley disarmed the two data centers associated with the bank's wealth management business in 2016, it failed to properly oversee the third company responsible for ensuring the removal of all personal data, according to the OCC, which is part of US Treasury Department.
"In relation to decommissioning, the bank, among other things, has failed to effectively assess or address risks decommissioning failed to adequately assess the risk of use by third-party manufacturers, including subcontractors, and failed to maintain an adequate AppliancesSays the OCC report.
The OCC also says that Morgan Stanley neglected to exercise proper oversight when it withdrew certain Appliances network, such as computer servers, from a local branch in 2019.
The OCC fine comes about a month after lawyers representing Morgan Stanley clients filed a lawsuit against the bank, claiming it failed to safeguard their personal rights. information, in cases of equipment disposal.
Morgan Stanley confirmed the incidents by sending letters to the Attorney General of California and the attorney generals of other states in July. The letter notes that the data exposed may include names and account numbers, social security number, passport number, contact details, date of birth, property value and possession details. He also says he offered victims two years of prepaid credit monitoring services.
The lawsuit includes complaints from about 100 Morgan Stanley customers who claim to have been influenced by the company's practices.