September 20, 2022

Morgan Stanley Smith Barney LLC (MSSB) has agreed to pay $35 million to the SEC to settle charges of failing to protect the personal identifying information (PII) of some 15 million customers.  Between 2015 to 2020, MSSB failed to properly encrypt PII or properly dispose of devices and servers containing PII.  As a result, decommissioned devices containing unencrypted PII were resold by a third party via an internet auction site, and 42 decommissioned servers containing unencrypted PII went missing entirely.  SEC

Tagged in: Cybersecurity and Data Breaches, Financial and Investment Fraud,