While most of us are coming back rested and refreshed for the new year, Morgan Stanley can’t quite say the same as the bank’s 2014 ended with a massive data breach.
Just two days after Christmas, information security employees at the bank discovered the data breach. The bank was conducting a standard sweep of known criminal websites when it discovered that several hundred confidential client records were listed for sale.
After further examination, the bank found that 350,000+ files were stolen from its wealth management arm which has roughly 3.5M customers. It doesn’t take a mathematician to figure out a whopping 10% of client files were stolen! The alleged thief is Galen Marsh, a 30-year-old sales assistant that has been with Morgan Stanley for about 6 years. The FBI is now looking into the matter.
This latest breach brings up an often overlooked point: one of the biggest threats to user data comes from within. In fact, the cyber risk study cited in our post last week found that 32% of data breaches studied had some kind of insider involvement.
Startups should be sure that to have tiered access permissions, strict permission revocation procedures, employee nondisclosure agreements in place, and a good cyber liability insurance policy at a minimum. Employees can have access to a ton of valuable information and it’s important to make sure procedures and failsafes are in place to protect that information. Morgan Stanley ended 2014 with a data breach, don’t start your 2015 the same way.
We’ll bring more on the 2014 Morgan Stanley data breach as the situation develops.