New York (CNN Business)Federal regulators accused Morgan Stanley connected Tuesday of "astonishing" failures that led to the mishandling of delicate information connected immoderate 15 cardinal customers.
Morgan Stanley was slapped with a $35 cardinal fine from the Securities and Exchange Commission for extended failures to safeguard idiosyncratic identifying accusation connected its clients.
Since astatine slightest 2015 Morgan Stanley did not decently get escaped of devices holding delicate lawsuit data, according to the settlement.
In 1 occurrence described by the SEC, Morgan Stanley hired a moving institution -- 1 that had "no acquisition oregon expertise" successful information demolition -- to decommission thousands of hard drives and servers holding lawsuit data.
That moving institution aboriginal sold thousands of Morgan Stanley devices, immoderate of which contained idiosyncratic identifying information, to a 3rd party, the SEC said.
Those devices were yet resold connected an net auction tract -- without the removal of the delicate data, according to the settlement.
Morgan Stanley was capable to retrieve immoderate of those devices, which contained "thousands of pieces of unencrypted lawsuit data," the SEC said.
"The steadfast has not recovered the immense bulk of the devices," according to the settlement.
Morgan Stanley's "failures successful this lawsuit are astonishing," Gurbir Grewal, manager of the SEC's enforcement division, said successful a statement. "If not decently safeguarded, this delicate accusation tin extremity up successful the incorrect hands and person disastrous consequences for investors."
Beyond the servers and hard drivers, the SEC recovered that Morgan Stanley failed to safeguard lawsuit information and decently dispose of user study accusation successful different ways, including erstwhile the steadfast unopen down section bureau and subdivision servers. The colony said that a Morgan Stanley reappraisal recovered that 42 servers, each perchance containing unencrypted information and user study information, were "missing."
Morgan Stanley agreed to wage the good without admitting oregon denying the findings successful the settlement.
In a statement, Morgan Stanley said it is pleased to person resolved this contented and expressed assurance that nary delicate information was exploited.
"We person antecedently notified applicable clients regarding these matters, which occurred respective years ago, and person not detected immoderate unauthorized entree to, oregon misuse of, idiosyncratic lawsuit information," Morgan Stanley said successful the statement.