Morgan Stanley agrees to pay millions to settle data breach claims

Agreement still need to be approved by US District Judge

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The Wall Street bankMorgan Stanleyhas agreed to pay $60m to settle a lawsuit filed by customers who say the firm’s poor security practices left their personal data at risk.

A preliminary settlement of the class action lawsuit was recently filed in Manhattan federal court though it still requires approval by US District Judge Analisa Torres according to anew reportfromReuters.

If approved, the proposal would provide at least two years ofidentity theft protectionfor the 15m customers affected by two separate security breaches. They will also be able to apply for reimbursement of up to $10k in out-of-pocket losses.

According to Morgan Stanley’s settlement, the company denies any wrongdoing though in time since the two incidents occurred, it has made “substantial” upgrades to itsdata securitypractices.

Decommissioned equipment

In their class action lawsuit, current and former Morgan Stanley customers accused the bank of failing to properly wipe decommissioned equipment from twodata centerscontaining unencrypted customer data back in 2016 before it was resold to unauthorized third parties.

Additionally, the lawsuit says that several olderserverswhich also contained customer data went missing after the firm transferred them to an outside vendor back in 2019. However, Morgan Stanley was later able to recover the servers in question according to court papers.

Back in October of 2020, Morgan Stanley agreed to pay a $60m civil fine to resolve accusations that its information security practices were unsafe or unsound put forth by the US Office of the Comptroller of the Currency.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In a recent email, the firm said that it had notified all affected customers and that it was pleased to finally settle the class action lawsuit against it.

We’ve also highlighted thebest firewall,best malware removal softwareandbest endpoint protection software

ViaReuters

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)