Security News > 2021 > July > Morgan Stanley reports data breach after vendor Accellion hack
Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.
Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, notified the investment banking company in May 2021 that attackers hacked its Accellion FTA server to steal information belonging to Morgan Stanley stock plan participants.
Guidehouse discovered the breach in March and the impact to Morgan Stanley customers in May, when it notified the financial services company of the incident and that no evidence was found of the stolen data being disseminated online by the threat actors.
"There was no data security breach of any Morgan Stanley applications," Morgan Stanley said in data breach notification letters sent to impacted individuals.
"The protection of client data is of the utmost importance and is something we take very seriously," a Morgan Stanley spokesperson told BleepingComputer.
While the attackers' identity was not disclosed in Morgan Stanley's data breach notification, a joint statement published by Accellion and Mandiant from February shed more light on the attacks, directly linking them to the FIN11 cybercrime group.
News URL
Related news
- 2025 Data Breach Investigations Report: Third-party breaches double (source)
- PowerSchool previously hacked in August, months before data breach (source)
- Western Alliance Bank notifies 21,899 customers of data breach (source)
- Sperm donation giant California Cryobank warns of a data breach (source)
- Pennsylvania education union data breach hit 500,000 people (source)
- StreamElements discloses third-party data breach after hacker leaks data (source)
- Texas State Bar warns of data breach after INC ransomware claims attack (source)
- Food giant WK Kellogg discloses data breach linked to Clop ransomware (source)
- The quiet data breach hiding in AI workflows (source)
- Hertz confirms customer info, drivers' licenses stolen in data breach (source)