{"id":82640,"date":"2022-09-21T00:38:27","date_gmt":"2022-09-21T04:38:27","guid":{"rendered":"https:\/\/www.hedgeco.net\/news\/?p=82640"},"modified":"2022-09-21T00:38:15","modified_gmt":"2022-09-21T04:38:15","slug":"morgan-stanley-smith-barney-to-pay-35-million-for-extensive-failures-to-safeguard-personal-information-of-millions-of-customers","status":"publish","type":"post","link":"https:\/\/hedgeco.net\/news\/09\/2022\/morgan-stanley-smith-barney-to-pay-35-million-for-extensive-failures-to-safeguard-personal-information-of-millions-of-customers.html","title":{"rendered":"Morgan Stanley Smith Barney to Pay $35 Million for Extensive Failures to Safeguard Personal Information of Millions of Customers"},"content":{"rendered":"\n<p>(HedgeCo.Net) The Securities and Exchange Commission has announced charges against <strong>Morgan Stanley Smith Barney LLC <\/strong>(MSSB) stemming from the firm\u2019s extensive failures, over a five-year period, to protect the personal identifying information, or PII, of approximately 15 million customers. MSSB has agreed to pay a <strong>$35 million penalty <\/strong>to settle the SEC charges.<\/p>\n\n\n\n<p>The SEC\u2019s order finds that, as far back as 2015, MSSB failed to properly dispose of devices containing its customers\u2019 PII. On multiple occasions, MSSB hired a moving and storage company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the PII of millions of its customers. Moreover, according to the SEC\u2019s order, over several years, MSSB failed to properly monitor the moving company\u2019s work. The staff\u2019s investigation found that the moving company sold to a third party thousands of MSSB devices including servers and hard drives, some of which contained customer PII, and which were eventually resold on an internet auction site without removal of such customer PII. While MSSB recovered some of the devices, which were shown to contain thousands of pieces of unencrypted customer data, the firm has not recovered the vast majority of the devices.<\/p>\n\n\n\n<p>The SEC\u2019s order also finds that MSSB failed to properly safeguard customer PII and properly dispose of consumer report information when it decommissioned local office and branch servers as part of a broader hardware refresh program. A records reconciliation exercise undertaken by the firm during this decommissioning process revealed that 42 servers, all potentially containing unencrypted customer PII and consumer report information, were missing. Moreover, during this process, MSSB also learned that the local devices being decommissioned had been equipped with encryption capability, but that the firm had failed to activate the encryption software for years.<\/p>\n\n\n\n<p>\u201cMSSB\u2019s failures in this case are astonishing. Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB fell woefully short in doing so,\u201d said Gurbir S. Grewal, Director of the SEC\u2019s Enforcement Division. \u201cIf not properly safeguarded, this sensitive information can end up in the wrong hands and have disastrous consequences for investors. Today\u2019s action sends a clear message to financial institutions that they must take seriously their obligation to safeguard such data.\u201d<\/p>\n\n\n\n<p>Without admitting or denying its findings, MSSB consented to the SEC\u2019s order finding that the firm violated the Safeguards and Disposal Rules under Regulation S-P and agreed to pay the aforementioned penalty.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>(HedgeCo.Net) The Securities and Exchange Commission has announced charges against Morgan Stanley Smith Barney LLC (MSSB) stemming from the firm\u2019s extensive failures, over a five-year period, to protect the personal identifying information, or PII, of approximately 15 million customers. MSSB [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,3,16048,16047],"tags":[],"class_list":["post-82640","post","type-post","status-publish","format-standard","hentry","category-hedgeco-networks-press-releases","category-hedgeco-news","category-hedgecovest-news","category-insider-trading-2"],"_links":{"self":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts\/82640","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/comments?post=82640"}],"version-history":[{"count":1,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts\/82640\/revisions"}],"predecessor-version":[{"id":82641,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/posts\/82640\/revisions\/82641"}],"wp:attachment":[{"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/media?parent=82640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/categories?post=82640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hedgeco.net\/news\/wp-json\/wp\/v2\/tags?post=82640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}