The Morgan Stanley Smith Barney Breach: Losing Client Data the Old Fashioned Way

by Mercator Advisory Group

The number of clients affected is relatively small, perhaps only 34,000, but the details are rich. Morgan Stanley Smith Barney (MSSB) created a CD for the NY State Taxation Department in order to report income for clients. According to MSSB:

“The sensitive information on the password-protected CD-ROMs included names, addresses, Social Security numbers, Morgan Stanley Smith Barney account numbers and income earned on tax exempt bonds or funds you hold or held in 2010.”

Somewhere in the delivery process, the CDs supposedly disappeared from the package. Yikes! Not all records contained Social Security numbers, but for those that did, MSSB reportedly will absorb the cost of a full year of credit monitoring services.

In the opinion of Adam Levin, founder of

“What this letter really says is that after all the coverage of all of the breaches, all the horror stories, all the misery, all the litigation, all the heroic pronouncements by all the regulators, legislators, corporate leaders and consumer advocates, the memo still didn’t get to Wall Street where they obviously care more about intellectual property, trade secrets, inside trading, outsized profits and complaining about over-regulation than their most precious asset: their customers.”

We might beg to differ a bit, in that “the memo” surely did get to Wall Street, and to MSSB’s GLB-designated compliance officer for privacy issues. However, it is apparent that the organization as a whole has not developed a respect for client data and client privacy rights. It is impossible for a privacy compliance officer to track down all individual instances of data at risk in all the operational aspects of running a complex financial institution.

Instead, it is essential that the importance of data privacy be communicated loudly and frequently throughout the rank and file of staff. Only when all personnel take on the responsibility of protecting client privacy can a firm hope to avoid dumb data breaches.
