Morgan Stanley's wealth and asset management division Morgan Stanley Smith Barney has agreed to pay a $35 million fine to settle charges filed by the U.S. Securities and Exchange Commission pertaining to federal regulation violations on customer data protection and disposal, TechRepublic reports.
The SEC found in its investigation that nearly 15 million MSSB clients had their personally identifiable information compromised after the financial giant enlisted a moving and storage firm without any data destruction experience for the disposal of hard drives and servers containing customers' PII.
Thousands of the devices that were supposed to be destroyed were sold by the moving company to a third-party, which then resold them on an internet auction site. Recovery of some of the devices revealed that customer information had not been encrypted by MSSB, according to the SEC.
"Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB fell woefully short in doing so. If not properly safeguarded, this sensitive information can end up in the wrong hands and have disastrous consequences for investors," said SEC Enforcement Division Director Gurbir Grewal.
Meanwhile, Pathlock Chief Marketing Officer Mike Puterbaugh noted that the fine should prompt organizations to bolster data security capability evaluations and internal data security control audits.
The U.S. Federal Communications Commission imposed $196 million in total fines to AT&T, T-Mobile, and Verizon for engaging in the unlawful sale of customers' location information to data aggregators, reports The Record, a news site by cybersecurity firm Recorded Future.
BleepingComputer reports that U.S. nationally licensed debt collection agency Financial Business and Consumer Solutions had information from more than 1.95 million individuals across the country compromised following a data breach in February.
U.S. independent record label Empire Distribution, which has worked with Kendrick Lamar, Snoop Dogg, and 50 Cent, had its sensitive data exposed as a result of an environment file misconfiguration, Cybernews reports.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news