While most of us are coming back rested and refreshed for the new year, Morgan Stanley can’t quite say the same as the bank’s 2014 ended with a massive data breach.

Just two days after Christmas, information security employees at the bank discovered the data breach.  The bank was conducting a standard sweep of known criminal websites when it discovered that several hundred confidential client records were listed for sale.

After further examination, the bank found that 350,000+ files were stolen from its wealth management arm which has roughly 3.5M customers.  It doesn’t take a mathematician to figure out a whopping 10% of client files were stolen!  The alleged thief is Galen Marsh, a 30-year-old sales assistant that has been with Morgan Stanley for about 6 years.  The FBI is now looking into the matter.

This latest breach brings up an often overlooked point: one of the biggest threats to user data comes from within.  In fact, the cyber risk study cited in our post last week found that 32% of data breaches studied had some kind of insider involvement.

Startups should be sure that to have tiered access permissions, strict permission revocation procedures, employee nondisclosure agreements in place, and a good cyber liability insurance policy at a minimum.   Employees can have access to a ton of valuable information and it’s important to make sure procedures and failsafes are in place to protect that information.  Morgan Stanley ended 2014 with a data breach, don’t start your 2015 the same way.


We’ll bring more on the 2014 Morgan Stanley data breach as the situation develops.

Leave a Reply

Your email address will not be published. Required fields are marked *