The financial services firm says a rogue employee stole data from 350,000 clients, posting some of it online.
The financial services giant Morgan Stanley said Monday it has fired an employee after discovering the worker stole account information from up to 10% of the firm’s wealth management clients.
In addition to the 350,000 clients whose data was stolen, Morgan Stanley said the account data for about 900 clients, including account names and numbers, was “briefly” posted online. The firm detected the data leak and “promptly” removed it, according to a company press release.
Morgan Stanley said it was in the process of contacting all potentially affected clients to advise them of the theft. The company said the stolen data does not include social security numbers or passwords.
Corporate data security has become a major issue—and a major headache—for businesses in recent years. Companies like Target and Home Depot were hit by hackers, exposing clients’ credit card data. And just last month, the movie studio Sony pulled a film from theaters after hackers broke into the firm’s computer systems, leaked internal documents, and threatened attacks on movie theaters if the film were released. The US government now attributes the Sony hack to North Korea.
However, the Morgan Stanley case highlights the fact that firms have more to worry about than outside hackers. Company employees with access to the data can also create security risks.
In addition to firing the employee, Morgan Stanley said it alerted law enforcement and regulatory officials to the theft. The company does not go into detail as to where the employee worked. Morgan Stanley has offices in more than 43 countries.
The company said it was “instituting enhanced security procedures including fraud monitoring on these [affected] accounts.”