By Colin Staub of E-Scrap News
Financial institution Morgan Stanley recently told customers an ITAD vendor’s mistakes may have left personal information susceptible to misuse. Multiple clients have filed suit against the investment firm.
Morgan Stanley on July 10 wrote to clients disclosing “potential data security incidents” related to their personal information. The incidents occurred during multiple ITAD processes over the past four years, according to the letter.
“In 2016, Morgan Stanley closed two data centers and decommissioned the computer equipment in both locations,” the company wrote. “As is customary, we contracted with a vendor to remove the data from the devices. We subsequently learned that certain devices believed to have been wiped of all information still contained some unencrypted data.”
In a separate 2019 incident, another ITAD project involved retiring and replacing computer servers in multiple local branch offices, according to a separate notification the company issued to the Iowa Attorney General’s Office. These retired servers may have stored personal information.
“During a recent inventory, we were unable to locate a small number of those devices,” wrote Gerard Brady, chief information security officer for Morgan Stanley. “The manufacturer subsequently informed us of a software flaw that could have resulted in small amounts of previously deleted data remaining on the disks in unencrypted form.”