"Morgan Stanley to pay $35 mil for not destroying hard drives- Careful who you trust to destroy your hard drives”

If there’s one place an investment and banking firm doesn’t want to see its name, it’s on the press release page for the SEC.

“Morgan Stanley Smith Barney to Pay $35 Million for Extensive Failures to Safeguard Personal Information of Millions of Customers,” the press release is entitled.

To MSSB, $35 million is chump change, but it’s also a massive loss of reputation.

According to the SEC's findings, MSSB failed to properly dispose of devices carrying its customers' PII as early as 2015. To decommission thousands of hard drives and servers storing the PII of millions of its customers, MSSB repeatedly contracted a moving and storage business with no training or experience in data destruction services. In addition, the SEC's ruling claims that over a period of years, MSSB failed to effectively oversee the operations of the moving company. According to the staff's research, the moving business sold thousands of MSSB items, such as servers and hard drives, to a third party. Some of these items had customer PII, and they were later resold on an online auction site without being scrubbed of it.

Millions of MSSB customers have been compromised, an effect that can lead to a massive mea culpa and the potential loss of customers.

TechCrunch wrote about it detail: https://techcrunch.com/2022/09/21/morgan-stanley-hard-drives-data-breach/

There is a simple way to make sure your company doesn’t end up on the SEC press release page: work with Critical Risk Solutions and let our team of security experts prevent this level of embarrassment.

More than a consultancy, we have the tools to destroy old media devices and keep your customers’ data secure.

Contact us at CRS to learn more about how we can keep your company off the front page.