Morgan Stanley Employee Pleads Guilty In Data Breach Case 43
An anonymous reader writes: A former Morgan Stanley financial adviser who was fired in connection with a major breach of client information pleaded guilty to accessing client data and taking it home with him. According to court records Galen Marsh copied names, addresses, account numbers, investment information and other data for approximately 730,000 accounts. "This action, which follows Morgan Stanley's initial investigation and reporting of his misconduct, makes clear that misuse of client account information will not be tolerated," the bank said in a statement.
Re: (Score:1)
No, they don't allow others to financially gain from information they own.
Only MS can profit from doing identity theft on their victims er clients.
Re: (Score:1)
They do not allow it. It happens anyways. FAs take their client data home when they plan to switch firms for some big recruiting bonus, but it is actually against every firm's policy for FAs to take client data out of the office.
Re: (Score:1)
Now Hillary essentially took home Top Secret information by hosting it on her private server and none of you fools give a crap.
Re: "not tolerated," but they allowed it (Score:1)
Re: (Score:3)
Re: (Score:2)
No, the fact that it was available to him doesn't mean he had the right to take it home. He probably needed to access it to do his day's work. He knew he wasn't allowed to take it home and still did it, so he's getting sued. Sounds reasonable.
It's a hard pushed analogy, but butchers need knives to do their day's work, that doesn't mean they're allowed to use them to stab their colleagues. They know that, and if they do it, they get prosecuted for it.
Re: (Score:3)
It is standard policy to not bring home customer data or download it. Now, Morgan Stanley might have different rules than places I have worked, but chances are, they are the same. You can only access customer data from the corporate network, and you cannot download it, ever. Just breaking that rule would be enough to get him terminated immediately.
Criminal charges would then depend on what he did with the data, or if he failed to protect it. If he was the source of the breach, he violated company polic
Re: (Score:2)
You know what's funny? Sales-critters stealing client contact info (to start their own businesses, take it with them to a competitor, etc) used to be almost standard operating procedure 20-30+ years ago...
Re: (Score:2)
Still does happen, but now there's the extra risk that the public cares about that data now more than ever. If that sales critter isn't careful he will not be able to prevent himself from being either the target of an actual breach or the fall guy for a breach. The game is now a lot more dangerous if you aren't as smart as you are unscrupulous.
Re: (Score:2)
Happens All The Time (Score:4, Interesting)
The only thing that's weird about that is that is wasn't while leaving the company. Typically financial advisors do a data dumb of their clients and holding when they decide to switch to a different firm. The moment the advisor puts in notice a whole team of people work to contact customers to get permission to move so that the assets can be re-papered under the new firm. It's not unusual for a team to meet with an advisor and personally fly the paperwork/data back to the home office in order to speed up the transition.
Re: (Score:3, Interesting)
This is exactly right. My first job at 19 was working for brokers like this guy manage their clients and did so for several years. I personally helped the transition of many brokers from competitor firms to ours doing this exact thing, and was also on the other side fighting to keep clients when a financial adviser left the firm for a competitor.
The Catch-22 of the financial adviser world is that the firm, not the broker, owns the data about the client, because they have a fiduciary responsibility to keep
Re: (Score:1)
Cognitive dissonance. I'm amazed at how we can forbid something when it negatively affects us but also be complicit in it when it serves us. We do it all the time though, e.g. cheating on your spouse with someone who's married. There's another injured party in that transaction that could easily have been 'you'. Lack of compassion? Who knows...
Edited (Score:2)
FTF Them
Re: (Score:1)
And the NSA.
Also makes clear that it will not be noticed... (Score:5, Insightful)
... for a long time. Or at all.
But here is the dirty little secret of all Data Leakage Detection and Prevention software: It does not work except against fully clueless people. It is basically just intimidation but lacks actual teeth. The only way to prevent data leakage is by treating your employees well and respect them. Because employee loyalty is the only thing that helps. I guess these companies have forgotten that little fact and are now paying the price for that.
It was this one guy (Score:2)
Since the problem has been taken care of, we see no need to change any of our policies, in particular spending on security. Your life savings are very important to us.
Sounds more like Morgan Stanley screwed up. (Score:5, Informative)
Basically, high end financial advisors and their employers have a large argument about who the clients "belong to".
Both the brokers and the employers claim the clients are THEIRS. Which means that when they quit their job, they each try to 'keep the clients'. The employers claim 'we gave you the leads that lead to that client', while the brokers claim "I spent 3 years building a relationship - even letting that client beat me at golf and I HATE golf."
The Employers do not for example tell the clients were the new broker went to, even if the clients ask. Instead, they often accuse the brokers (as in press legal charges and try for injunctions) and prevent them from talking to the clients after they quit. It's gets so bad that some employers might try to prevent a broker from talking to his own father, because they claim his father is a client of the Employer, not the broker.
The brokers often copy as much information as possible about their clients, not just phone numbers, but financial statements, etc. You need this information to give the clients real service. You can't tell all your clients with trust accounts about the new financial trust services at your new firm if you don't know which clients have trust accounts.
If the broker took someone else's clients, than he clearly broke the law. But if he simply copied records of people he had a relationship with - i.e. his own clients - then Morgan Stanley is simply being a douchebag company accusing him of violating privacy when THEY are the one violating the privacy.
Let's be honest here - the real truth is the CLIENT should be allowed to determine who they want to do business with. If the client wanted to do business with Morgan Stanley, then the broker should not keep their information - but it is reasonable for them to take it with them when they switch jobs as they can't tell the client they are quitting until after they quit and they need that information to attempt to make the sale.
If the Client wants to keep business with the Broker, than Morgan Stanley should delete all their information after the switch is made.
Re: (Score:2)
Both the brokers and the employers claim the clients are THEIRS.
Pretty sure they both can claim it, but only the broker is correct. The employee has no right to claim it while employed to do such work -- unless the client was a client PRIOR to becoming an employee. If you are paid (hourly, salary, commission, or other) to find new clients, the company "owns" them, not the employee.
It may be SOP to do otherwise (or claim otherwise), but that doesn't mean it is legal either.
Re: (Score:2)
1) You are saying the company OWNS the client. NO That is called slavery, which is illegal. Clients are people, people that have not signed contracts. The CLIENTS should decided who they go with and that means the broker should have the right to call up the client and ask them to go with them. The employers try to stop this with abusive contracts with the brokers - but that does not make it "ethical", nor does it always make it legal. Just because a company makes an
Re: (Score:2)
You've made numerous mistakes, using numerous fallacies:
1) You are being silly. Note that I put "OWNS" in quotes, because while the word does in fact meet some definitions of the word, I was using it as a shorthand without a very long description with the assumption that the average person should understand it's meaning (poisoning the well fallacy). We are talking about the legality of the situation, not the ethics, so I'll skip that (red herring fallacy, strawman fallacy). And the rest of your argument
Morgan Stanley Pleads Guilty? (Score:1)
I read "Morgan Stanley Pleads Guilty " and got hopeful they finally got prosecuted. I guess no such luck....
send slamhounds after him (Score:1)
keyed to his DNA.
Lucky for him they don't exist yet.