Morgan Stanley agrees to pay millions to settle data breach claims

The Wall Street bank Morgan Stanley has agreed to pay $60m to settle a lawsuit filed by customers who say the firm’s poor security practices left their personal data at risk.

A preliminary settlement of the class action lawsuit was recently filed in Manhattan federal court though it still requires approval by US District Judge Analisa Torres according to a new report from Reuters.

If approved, the proposal would provide at least two years of identity theft protection for the 15m customers affected by two separate security breaches. They will also be able to apply for reimbursement of up to $10k in out-of-pocket losses.

According to Morgan Stanley’s settlement, the company denies any wrongdoing though in time since the two incidents occurred, it has made “substantial” upgrades to its data security practices.

Decommissioned equipment

In their class action lawsuit, current and former Morgan Stanley customers accused the bank of failing to properly wipe decommissioned equipment from two data centers containing unencrypted customer data back in 2016 before it was resold to unauthorized third parties.

Additionally, the lawsuit says that several older servers which also contained customer data went missing after the firm transferred them to an outside vendor back in 2019. However, Morgan Stanley was later able to recover the servers in question according to court papers.

Back in October of 2020, Morgan Stanley agreed to pay a $60m civil fine to resolve accusations that its information security practices were unsafe or unsound put forth by the US Office of the Comptroller of the Currency.

In a recent email, the firm said that it had notified all affected customers and that it was pleased to finally settle the class action lawsuit against it.

We’ve also highlighted the best firewall, best malware removal software and best endpoint protection software

Via Reuters