Morgan Stanley agrees $ 60 million settlement in data breach lawsuit
Morgan Stanley has agreed a $ 60 million settlement figure to resolve a data breach lawsuit.
The U.S. banking and financial services giant was subjected to a class action suit following two data disclosure incidents involving approximately 15 million current and former clients.
According to the move (.PDF), legacy equipment was decommissioned in 2022 and 2022 that contained personally identifiable information (PII) of clients. However, the equipment was not cleaned of this sensitive information prior to sale and the databases may have subsequently been exposed, in an unencrypted manner, and visible to the purchasing parties.
Court documents suggest that the equipment that had been retired included old servers and other data center technology.
In 2022, Morgan Stanley was contacted by one of those vendors who told the company that they had access to messenger data.
“In 2022, following an investigation, the Office of the Regulator of Currency (OCC) instructed Morgan Stanley to notify the current and former clients of the Data Security Incidents,” the move states. read. "Morgan Stanley began issuing notification letters in July 2022. The action by the OCC resulted in a consent order stating that Morgan Stanley had not" effectively assessed or addressed the risks associated with deregulation. commissioning of its hardware. "
After notification, a class action lawsuit was launched in 2022. Separately, the OCC was fined $ 60 million for data protection failure.
Morgan Stanley has denied liability claims. However, if the settlement amount is agreed with a Manhatten federal court judge, $ 60 million will be awarded to those potentially affected through a settlement fund.
Applicants will be allowed at least 24 months of fraudulent insurance services and each class member can pay up to $ 10,000 for out-of-pocket expenses and $ 100 in 'lost time,' (four hours at $ 25 per hour) although further lost hours will be considered if relevant evidence is provided.
The bank has also agreed to hire a third party to try to locate equipment that has been missing for 12 months, some of which has been recovered.
Morgan Stanley told Bloomberg in a statement, "We have notified all potential clients of these issues, which occurred several years ago, and we are pleased to announce that. resolve this related lawsuit. "
Previous and related broadcast
Do you have a tip? Contact securely via WhatsApp | Signal at +447713 025 499, or more on Keybase: charlie0