Security News > 2022 > September > SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data
SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships.
In a notice posted Monday, the SEC announced that the company consented to the agency's finding that it violated federal regulations regarding the safeguarding and disposal of customer data.
Tasked with decommissioning thousands of hard drives and servers with customer data on several occasions, the company hired a moving and storage firm with no experience in data destruction and failed to monitor the firm's work, according to the SEC. The agency's investigation found that the moving firm sold thousands of the servers and hard drives, some with customer PII, to a third party.
The fine combined with MSSB's failures to protect personal data should serve as a wake-up call to other organizations that collect and store sensitive customer information.
"Suffice to say this should be seen as a board-level accountability topic. This news should create a call to action to review data security capabilities and ensure that internal audits encompass the testing and proving of data security controls."
Also See Share: SEC fines Morgan Stanley Smith Barney $35 million over failure to secure customer data.