Multinational financial services corporation Morgan Stanley has fired a financial adviser who stole data on 350,000 clients, The New York Times reported on Monday, naming 30-year-old Galen Marsh as the terminated employee.
Morgan Stanley first realized there was an issue on Dec. 27, 2014, when the bank discovered account names, numbers and transaction data for more than 900 clients posted on the internet, according to The New York Times report.
Forbes indicated in a Monday report that the data was posted to the internet by the former employee who stole the information. Citing a source familiar with the issue, Forbes reported that the former employee is male, worked in wealth management, and was looking to sell the data to identity thieves.
“Overall, partial account information of up to 10 percent of all Wealth Management clients was stolen,” Forbes reported, quoting Morgan Stanley. “The data stolen does not include account passwords or social security numbers.”
There is no evidence of financial losses to customers, Bloomberg reported on Monday, adding that Morgan Stanley has notified law enforcement and is currently notifying all potentially impacted customers.
In a Monday email correspondence, Jonathan Sander, strategy and research officer for STEALTHbits Technologies, told SCMagazine.com that data on wealth management clients is a big target for those looking to make a profit.
“Rich people have money hackers want to steal and a list of them would be something you can sell,” Sander said. “The interesting part of Morgan Stanley's announcement is they have figured out its good press to say “we found a problem and eliminated it right away” instead of hiding it until someone else tells the news. Talking openly about the fact that insiders can breach security but diligence can catch them and fix it is good for Morgan Stanley and the information security world as a whole.”Morgan Stanley did not respond to a Monday SCMagazine.com request for comment.