$35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned

[Nathan]

When it comes to safeguarding customer information, this occurrence is merely "business as usual"....

Morgan Stanley on Tuesday agreed to pay the Securities and Exchange Commission (SEC) a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centers being resold on auction sites without first being wiped.


The SEC action said that the improper disposal of thousands of hard drives starting in 2016 was part of an “extensive failure” over a five-year period to safeguard customers’ data as required by federal regulations. The agency said that the failures also included the improper disposal of hard drives and backup tapes when decommissioning servers in local branches. In all, the SEC said data for 15 million customers was exposed. arstechnica

 

[fuzzybuddy]

I get the feeling that Morgan Stanley will pay $35 Million in fines, but with tax deductions, and corporate finance laws , etc., they'll wind up making $70 million.

 

[Chet]

Here's another excerpt.

Much of the failure stemmed from the 2016 hire of a moving company with no experience or expertise in data destruction services to decommission thousands of hard drives and servers containing the data of millions of customers.