SEC Fines Morgan Stanley For Theft Of Customer Data

The Securities and Exchange Commission fined Morgan Stanley Smith Barney LLC , the broker-dealer and investment adviser, $1 million on Wednesday for allegedly failing to protect customer information. Morgan Stanley agreed to settle the charges without admitting or denying them. Between 2011 and 2014 a then-employee, Galen J. Marsh, accessed and transferred data regarding approximately 730,000 accounts to his personal server, which was ultimately hacked by third parties. Some of the data was offered for sale online. Morgan Stanley did not audit or test policies that would have restricted access to the data and did not monitor or analyze employees' access to and use of the internal websites. Marsh was criminally convicted for his actions last year and must serve 36 months of probation and pay $600,000 in restitution. He is also barred from the industry with the right to apply for reentry after five years.