Morgan Stanley to Pay $60M to Resolve Data Security Lawsuit

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

 

Morgan Stanley agreed to pay $60 million in a preliminary settlement of a class-action lawsuit filed against the company on Friday, according to Reuters, for allegedly neglecting to secure customers’ personal data before retiring outdated information technology. 
The settlement offer awaits the approval of New York District Judge Analisa Torres. The lawsuit was filed on behalf of around 15 million Morgan Stanley clients in response to two separate occurrences that occurred in 2016 and 2019. 
Morgan Stanley decommissioned two wealth management data centres in the first incident. Before removing the unencrypted computer equipment from the centres, the bank’s vendor, Triple Crown, was tasked with deleting or destroying it. Even after it had left the vendor’s control, this device was later discovered to contain data. According to Morgan Stanley, the vendor removed the devices and resold them to a third party without permission. 
As part of a hardware refresh programme, the second incident entailed the replacement and removal of branch office equipment. The bank was unable to discover some of these devices, which could have retained previously deleted information on discs in an unencrypted version due to a software error. 
Customers will receive a minimum of two years of fraud insurance coverage as part of the proposed settlement, as well as compensation for up to $10,000 in related out-of-pocket losses. The bank als

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

Read the original article: