Security News > 2021 > July > Morgan Stanley reports data breach after vendor Accellion hack

Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.

Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, notified the investment banking company in May 2021 that attackers hacked its Accellion FTA server to steal information belonging to Morgan Stanley stock plan participants.

Guidehouse discovered the breach in March and the impact to Morgan Stanley customers in May, when it notified the financial services company of the incident and that no evidence was found of the stolen data being disseminated online by the threat actors.

"There was no data security breach of any Morgan Stanley applications," Morgan Stanley said in data breach notification letters sent to impacted individuals.

"The protection of client data is of the utmost importance and is something we take very seriously," a Morgan Stanley spokesperson told BleepingComputer.

While the attackers' identity was not disclosed in Morgan Stanley's data breach notification, a joint statement published by Accellion and Mandiant from February shed more light on the attacks, directly linking them to the FIN11 cybercrime group.

News URL

https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/