Morgan Stanley & Co. agreed to pay $60 million to settle a class-action lawsuit claiming a data security breach exposed the personal data of 15 million current and former customers, including credit card and Social Security numbers.
The sensitive information was stored in data centers that had been decommissioned or replaced, and then allegedly were resold without being properly wiped clean.
Because the firm failed to properly dispose of the data, the personal information of Morgan Stanley customers was easily accessible, according to the agreement filed in federal court in Manhattan Friday. A software flaw allegedly left the data on the old servers in an unencrypted form.
Morgan Stanley agreed to the settlement while continuing to deny the allegations.
“We have previously notified all potentially impacted clients regarding these matters, which occurred several years ago, and are pleased to be resolving this related litigation,” a representative said in a statement.
Morgan Stanley allegedly learned of the breach after it was contacted by a man who said he bought used IT equipment from an internet vendor and it came with access to the sensitive customer data, which also included birth dates and investment account information.
If the settlement is approved by the judge, the affected clients will get access to at least two years of fraud insurance services as an automatic benefit, as well as the opportunity to make a claim for up to $10,000 in reimbursement for out-of-pocket losses.
Cybersecurity is becoming a vexing problem for many wealth management firms, which have long been the logical targets for data breaches. For one, they publicly disclose their assets under management, but also hold some of the most sensitive data directly connected to client finances.
The settlement comes on the heels of a similar breach at Morgan Stanley last year. Guidehouse, a vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business, suffered an information security incident, according to a July letter the company sent to the New Hampshire Attorney General’s office.
In that incident, attackers exploited a software vulnerability, which was subsequently patched within five days, to obtain files giving them access to clients’ names, addresses, dates of birth and Social Security numbers.
The leadership changes coming in June, which also include wealth management and digital unit heads, come as the firm pushes to offer more comprehensive services.
Strategist sees relatively little risk of the university losing its tax-exempt status, which could pose opportunity for investors with a "longer time horizon."
As the next generation of investors take their turn, advisors have to strike a fine balance between embracing new technology and building human connections.
IFG works with 550 producing advisors and generates about $325 million in annual revenue, said Dave Fischer, the company's co-founder and chief marketing officer.
Five new RIAs are joining the industry coalition promoting firm-level impact across workforce, client, community and environmental goals.
RIAs face rising regulatory pressure in 2025. Forward-looking firms are responding with embedded technology, not more paperwork.
As inheritances are set to reshape client portfolios and next-gen heirs demand digital-first experiences, firms are retooling their wealth tech stacks and succession models in real time.
