Morgan Stanley Discarded Old Hard Drives without Deleting Customer Data First

READY TO GET STARTED?

You can ship your media to us or visit one of our offices.

GET STARTED NOW

October, 2022

Morgan Stanley Discarded Old Hard Drives without Deleting Customer Data First

An investigation by the US Securities and Exchange Commission (SEC) discovered that Morgan Stanley Smith Barney, now known as Morgan Stanley Wealth Management, put the personal information of 15 million customers at risk. That happened due to the way it handled old hard drives and servers.

Starting in 2015, and for a period spanning five years, Morgan Stanley repeatedly hired a moving and storage company to handle the decommissioning of old HDD drives and servers holding sensitive customer data. But according to SEC, the company selected to handle the HDDs and servers had no experience or expertise in data destruction services. And Morgan Stanley didn't encrypt the data stored on these drives, and didn't delete any of it before handing them over to the moving company.

As a result, the personal data of millions of Morgan Stanley customers became available on thousands of old HDDs without any form of protection. The SEC found that instead of permanently deleting the data stored on the hard drives, the moving company simply sold the HHDs on to a third-party, which in turn sold some of them on internet auctions sites with the data still intact. The vast majority of these hard drives have never been recovered.

The SEC also alleged that Morgan Stanley lost track of 42 servers that potentially contained unencrypted customer data when it decommissioned local office and branch servers as part of a hardware refresh program. The servers, which contained sensitive customer information, had been equipped with encryption software, but the firm allegedly failed to activate the software.

Morgan Stanley has consented to the SE’s finding that it “violated the Safeguards and Disposal Rules under Regulation S-P,” but did so without admitting or denying the findings. The company also agreed to pay a $35 million penalty to settle the charges against it. In a statement, a Morgan Stanley spokesperson said the firm was pleased to have resolved this matter. Morgan Stanley has not detected any unauthorized access to or misuse of personal client information.

Customer Average Rating 4.7 Hard Drive Recovery Rating

based on 114 Review

"Would not hesitate to recommend this company to anyone else."

ACE Data Recovery recovered all of my data, even though the drive was badly damaged. Throughout the entire process, Don was extremely professional and helpful. He also did a great job of keeping me up to date on where we stood in the recovery process. I will definitely use this company again.

Larysa Ferrell Rated Hard Drive Recovery Rating

5.0 on 03/16/2018

"They have an amazing friendly staff"

If you find yourself in a situation like my wife where her hard drive decided to take a dump and threaten to leave her with the loss of precious files, then I highly recommend you look up ACE Data Recovery.
These guys where straight and transparent about expectations and certainly did not take advantage of our situation and offered reasonable recovery rates for the work they were going to employ. Their communication throughout the whole process was fantastic with weekly updates on the progress of the recovery. Another great feature offered was the ability to break the payment into monthly payments while they worked on our drive. They have an amazing friendly staff Don, Alevtina and Diana, to name a few that certainly makes the difference and are deserving of a 5 star Rating

Charlie Rod Rated Hard Drive Recovery Rating

5.0 on 08/18/2021