Morgan Stanley wealth client data stolen by employee

The account information of about 350,000 of Morgan Stanley’s wealth clients was stolen by an employee and posted online

The financial services company Morgan Stanley has admitted that one of its employees stole account information from 350,000 clients and posted it online.

The bank said account information of up to 10% of its wealth management clients was stolen by an employee, who has been sacked, intending to sell the details. The data, from about 900 of these clients, was briefly published online.

The bank found the published account information on 27 December in a routine internet check, but it had not been viewed by many people, according to sources quoted in the Financial Times.

The employee, 30-year-old New Jersey-based Galen Marsh, has denied he was attempting to sell the data.

The bank said it is investigating how this happened. 

“Morgan Stanley takes extremely seriously its responsibility to safeguard client data, and is working with the appropriate authorities to conduct and conclude a thorough investigation of this incident,” it said in a statement.

It added that the data stolen does not include account passwords or social security numbers. “The firm is taking the precaution of notifying all potentially affected clients and instituting enhanced security procedures including fraud monitoring on these accounts.”

Banks are regularly attacked by hackers from outside and are investing heavily to secure data, but securing and monitoring data inside a bank is vital, as this information is very valuable to criminals . 

Last year it was revealed that data protection and financial regulators were investigating Barclays after a whistleblower claimed the bank leaked 27,000 customer records.

The whistleblower said the files were a sample from a stolen database of up to 27,000 files, worth around £1.35m. They said an unnamed firm of rogue brokers gave him the files to sell.

Between December 2012 and September 2013, a group of brokers at the rogue firm were given the files, which they used to cold call their victims.

Read more on IT for financial services