US Probing Whether Morgan Stanley Data Breach Was Linked to Fired Financial Adviser

A U.S investigation into the way Morgan Stanley (MS) information became available for sale online is looking at whether hackers targeted financial adviser Galen Marsh after he took information from the bank. Marsh was fired for taking data on up to 350,000 wealth management clients. His lawyer, however, maintains that Marsh did not try to use, sell, or publish the information for personal gain.

Now, federal investigators want to know whether there was a breach to Marsh’s computer after he took the information from Morgan Stanley, especially as there is no evidence that the firm’s own computers were hacked.

It was in December that the broker-dealer discovered that information about some 900 of its customers were published on Pastebin, which is a website. Potential buyers were asked if they would pay for more information and use a virtual currency. Morgan Stanley had the information removed from public view immediately and notified the authorities.

Since Marsh’s firing, more client data has shown up online. Marsh has admitted that he shouldn’t have obtained the data to begin with and he is reportedly cooperating with the firm to protect its clients. Morgan Stanley changed the account numbers of clients whose data Marsh took. No related fraud has been reported. Data that was breached included account numbers, client names, and investment details.

It was The Wall Street Journal that reported that federal authorities are looking into whether hackers were involved. They also want to know why Marsh took the information to begin with. He claims that he accessed the information, storing it on his computer, to figure out how successful advisers build portfolios for customers. Marsh says that he acted alone.

The hacking of financial firms is a real problem. JP Morgan Chase & Co. (JPM), Citigroup (C), HSBC Holdings (HSBA), are just some of the firms whose cybersecurity systems have been breached by hackers. At JP Morgan, data belonging to over 80 million account holders were affected—although, according to the firm, key account information was not accessed.

A report released a few weeks ago by the Financial Industry Regulatory Authority found that in its study about 20 broker-dealers, the threat of hacking by a state (not unlike the one by North Korea against Sony) was more of a worry for big investment banks, even if it wasn’t the number one fear. Instead, more firms were concerned about a cyber attack by an angry employee or a loose hacker group.

This month, the Securities and Exchange Commission started its own probe, looking at how well Wall Street investment banks and broker-dealers are equipped to fight off hackers. Based on an examination of over 100 registered firms, it appears that most of these companies have been targeted in cyber-linked incidents. The two most common ways of infiltration were fraudulent emails to get brokers to improperly move a client’s money and malware presented into a firm’s network.

Elsewhere, a hacking ring has reportedly stolen up to $1 billion from banks located in different parts of the world, penetrating over 100 banks in 30 nations. Hackers lift some $10 million from a bank and then focus their attention on the next bank. These attacks have sought to target the banks instead of customers and their accounts.

Morgan Stanley Probe Said to Examine If Adviser Hacked, Bloomberg, February 18, 2015

Brokerage Firms Worry About Breaches by Hackers, Not Terrorists, NY Times, February 3, 2015

Most Brokerages and Advisory Firms Targeted by Cybercriminals, The Wall Street Journal, February 3, 2015

Banking hack heist yields up to $1 billion, USA Today, February 15, 2015

More Blog Posts:

Morgan Stanley to Pay a $280,000 Fine to CFTC for Records and Supervision Failures Involving SureInvestment and $35M Ponzi Scam, Stockbroker Fraud Blog, September 16, 2014

Morgan Stanley Must Pay Connecticut Regulators $5M for Supervisory Violations, Stockbroker Fraud Blog, June 18, 2014

Morgan Stanley Fires Wealth Management Group Employee For Stealing Client Data, Institutional Investor Securities Blog, January 5, 2015