{"id":52985,"date":"2016-06-09T08:29:05","date_gmt":"2016-06-09T12:29:05","guid":{"rendered":"http:\/\/www.hedgeco.net\/news\/?p=52985"},"modified":"2016-06-09T08:33:20","modified_gmt":"2016-06-09T12:33:20","slug":"sec-morgan-stanley-failed-to-safeguard-customer-data","status":"publish","type":"post","link":"https:\/\/hedgeco.net\/news\/06\/2016\/sec-morgan-stanley-failed-to-safeguard-customer-data.html","title":{"rendered":"SEC: Morgan Stanley Failed to Safeguard Customer Data"},"content":{"rendered":"<p>(HedgeCo.Net) The Securities and Exchange Commission today announced that Morgan Stanley Smith Barney LLC has agreed to pay a $1 million penalty to settle charges related to its failures to protect customer information, some of which was hacked and offered for sale online.<\/p>\n<p>The SEC issued an order finding that Morgan Stanley failed to adopt written policies and procedures reasonably designed to protect customer data.  As a result of these failures, from 2011 to 2014, a then-employee impermissibly accessed and transferred the data regarding approximately 730,000 accounts to his personal server, which was ultimately hacked by third parties.<\/p>\n<p>\u201cGiven the dangers and impact of cyber breaches, data security is a critically important aspect of investor protection.  We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information,\u201d said Andrew Ceresney, Director of the SEC Enforcement Division.<\/p>\n<p>According to the SEC\u2019s order instituting a settled administrative proceeding:<\/p>\n<p>The federal securities laws require registered broker-dealers and investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information. Morgan Stanley\u2019s policies and procedures were not reasonable, however, for two internal web applications or \u201cportals\u201d that allowed its employees to access customers\u2019 confidential account information.<\/p>\n<p>For these portals, Morgan Stanley did not have effective authorization modules for more than 10 years to restrict employees\u2019 access to customer data based on each employee\u2019s legitimate business need.<br \/>\nMorgan Stanley also did not audit or test the relevant authorization modules, nor did it monitor or analyze employees\u2019 access to and use of the portals.<\/p>\n<p>Consequently, then-employee Galen J. Marsh downloaded and transferred confidential data to his personal server at home between 2011 and 2014. A likely third-party hack of Marsh\u2019s personal server resulted in portions of the confidential data being posted on the Internet with offers to sell larger quantities.<\/p>\n<p>The SEC\u2019s order finds that Morgan Stanley violated Rule 30(a) of Regulation S-P, also known as the \u201cSafeguards Rule.\u201d  Morgan Stanley agreed to settle the charges without admitting or denying the findings.  In a separate order, Marsh agreed to an industry and penny stock bar with the right to apply for reentry after five years.  He was criminally convicted for his actions last year and received 36 months of probation and a $600,000 restitution order.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>(HedgeCo.Net) The Securities and Exchange Commission today announced that Morgan Stanley Smith Barney LLC has agreed to pay a $1 million penalty to settle charges related to its failures to protect customer information, some of which was hacked and offered [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[919,16,3,16048],"tags":[],"class_list":["post-52985","post","type-post","status-publish","format-standard","hentry","category-hedge-fund-research","category-hedgeco-networks-press-releases","category-hedgeco-news","category-hedgecovest-news"],"_links":{"self":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts\/52985","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/comments?post=52985"}],"version-history":[{"count":1,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts\/52985\/revisions"}],"predecessor-version":[{"id":52986,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts\/52985\/revisions\/52986"}],"wp:attachment":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/media?parent=52985"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/categories?post=52985"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/tags?post=52985"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}