Morgan Stanley (MS) Agrees to Settle Charges on Customer Safety
Morgan Stanley MS has agreed on a $6.5 million settlement with six state attorneys general, led by New York attorney general Letitia James. The firm’s U.S. wealth management business, earlier known as Morgan Stanley Smith Barney LLC, was charged with failing to protect customers’ personal information while shutting down two data centers in 2016.
MS was accused of negligence in properly decommissioning computers that contained unencrypted customer data.
According to the agreement released by attorney general James, “Morgan Stanley failed to decommission its computers and erase unencrypted data in certain computer devices that were later auctioned while still containing consumers’ personal information, including data belonging to 1.1 million New Yorkers”.
James stated, “No one should have their personal information auctioned off without their knowledge because a company failed to take basic steps to erase it before selling their old computers. Today’s agreement requires Morgan Stanley to bolster its cybersecurity so consumers will never again have to risk their personal data unintentionally being sold at an auction. Companies, big and small, must all take their responsibility to protect their customers’ data seriously, and if they do not, my office will take action”.
In one incident, MS hired a moving company with no experience in data destruction services to decommission thousands of hard drives and servers containing sensitive information of millions of customers. However, Morgan Stanley failed to properly monitor the company’s work, and its computer equipment, some of which still contained private consumer information, was then sold at auction.
In another incident, during a decommissioning process, MS found that 42 servers, all potentially containing unencrypted customer information, were missing. During the process, it learned that local devices being decommissioned may have contained unencrypted data due to a manufacturer flaw in the encryption software. Because Morgan Stanley failed to maintain adequate vendor controls and hardware inventories, data security events could not be prevented.
Per the settlement agreement, New York will receive a little over $1.6 million. The remaining will be settled with the states of Connecticut, Florida, Indiana, New Jersey and Vermont.
Further, Morgan Stanley has agreed to adopt a series of steps to strengthen its data security measures This includes encrypting all personal information, whether stored or transmitted, between documents, databases and elsewhere; maintaining an incident response plan that documents incidents and responses; and keeping a vendor risk assessment team, among other provisions.
Over the past six months, shares of MS have lost 5.7% against the industry’s growth of 2.2%.
Image Source: Zacks Investment Research
Currently, Morgan Stanley carries a Zacks Rank #3 (Hold). You can see the complete list of today’s Zacks #1 Rank (Strong Buy) stocks here.
Legal Issues of Other Finance Companies
A few months ago, Goldman Sachs GS agreed to pay $6 million to Securities and Exchange Commission (SEC) for not providing complete and accurate information in the blue sheets. It contained information regarding securities trading and transactions that were provided to various regulatory authorities.
Per SEC’s findings, GS made more than 22,000 inadequate blue sheet submissions between 2012 and 2022, comprising 43 different types of errors that affected more than 163 million transactions.
SEC stated that GS did not have adequate processes that could verify the accuracy of its electronic blue sheet submissions. Moreover, per SEC, Goldman knowingly violated the recordkeeping and reporting provisions of the federal securities laws.
Hence, GS agreed to pay the fine levied on it. Also, it has undertaken remedial actions to rectify and improve the reporting systems and controls of the blue sheet submissions.
Likewise, Washington Trust Bancorp, Inc.’s WASH wholly-owned subsidiary, The Washington Trust Company, agreed on a settlement with the U.S. Department of Justice to resolve allegations that Washington Trust violated fair lending laws in Rhode Island between 2016 and 2021.
Washington Trust was required to provide $7 million in mortgage loan subsidies for mortgage, home improvement or refinance loans in specific census tracts in Rhode Island over five years.
Also, the company had to commit $2 million for focused community outreach and marketing efforts.
The settlement did not include any civil monetary penalties.
Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report
The Goldman Sachs Group, Inc. (GS) : Free Stock Analysis Report
Morgan Stanley (MS) : Free Stock Analysis Report
Washington Trust Bancorp, Inc. (WASH) : Free Stock Analysis Report
