SecurityWeek reports that Morgan Stanley has been fined $6.5 million for failing to properly remove unencrypted data from decommissioned devices, a failure that may have exposed millions of customers' sensitive information.
Investigation into the financial services firm revealed that thousands of hard drives with customer data had been decommissioned through a moving company without any expertise in destroying data, while another decommissioning process involved unencrypted data on 42 missing servers, which stemmed from an encryption software vulnerability. Morgan Stanley was also found to lack asset inventories and vendor controls.
Aside from the monetary settlement, which is to be distributed to Florida, New York, Connecticut, New Jersey, Indiana, and Vermont, Morgan Stanley has also been required to bolster personal data protections by ensuring data encryption at rest and in transit, adopting a policy for data collection, use, retention, and disposal, and implementing systems for monitoring hardware with personal data, as well as establishing an incident response plan, information security program, and vendor risk evaluation team.
The U.S. Federal Communications Commission imposed $196 million in total fines on AT&T, T-Mobile, and Verizon for engaging in the unlawful sale of customers' location information to data aggregators, reports The Record, a news site by cybersecurity firm Recorded Future.
BleepingComputer reports that U.S. nationally licensed debt collection agency Financial Business and Consumer Solutions had information from more than 1.95 million individuals across the country compromised following a data breach in February.
U.S. independent record label Empire Distribution, which has worked with Kendrick Lamar, Snoop Dogg, and 50 Cent, had its sensitive data exposed as a result of an environment file misconfiguration, Cybernews reports.