Inside Job: The 2014 Morgan Stanley Data Breach

While most of us are coming back rested and refreshed for the new year, Morgan Stanley can’t quite say the same as the bank’s 2014 ended with a massive data breach.

Just two days after Christmas, information security employees at the bank discovered the data breach.  The bank was conducting a standard sweep of known criminal websites when it discovered that several hundred confidential client records were listed for sale.

After further examination, the bank found that 350,000+ files were stolen from its wealth management arm which has roughly 3.5M customers.  It doesn’t take a mathematician to figure out a whopping 10% of client files were stolen!  The alleged thief is Galen Marsh, a 30-year-old sales assistant that has been with Morgan Stanley for about 6 years.  The FBI is now looking into the matter.

This latest breach brings up an often overlooked point: one of the biggest threats to user data comes from within.  In fact, the cyber risk study cited in our post last week found that 32% of data breaches studied had some kind of insider involvement.

Startups should be sure that to have tiered access permissions, strict permission revocation procedures, employee nondisclosure agreements in place, and a good cyber liability insurance policy at a minimum.   Employees can have access to a ton of valuable information and it’s important to make sure procedures and failsafes are in place to protect that information.  Morgan Stanley ended 2014 with a data breach, don’t start your 2015 the same way.

We’ll bring more on the 2014 Morgan Stanley data breach as the situation develops.

In the meantime, if you have any questions about insurance or concerns about your own liability, don’t hesitate to reach out to us! We can be reached at (646)-854-1058 or info@foundershield.com. We’ll be waiting for your contact!