Morgan Stanley to Pay 6 States $6.5M Over Client Data Security

New York Attorney General Letitia James and a coalition of five attorneys general reached a $6.5 million agreement Thursday with Morgan Stanley Smith Barney LLC for compromising the personal information of millions of customers nationwide.

According to James’ office, Morgan Stanley “failed to decommission its computers and erase unencrypted data in certain computer devices that were later auctioned while still containing consumers’ personal information, including data belonging to 1.1 million New Yorkers.”

New York, according to James, will receive $1,658,047 from the settlement and Morgan Stanley will be required to strengthen its data security measures.

The other states are Connecticut, Florida, Indiana, New Jersey and Vermont.

“No one should have their personal information auctioned off without their knowledge because a company failed to take basic steps to erase it before selling their old computers,” James said in a statement.

“Today’s agreement requires Morgan Stanley to bolster its cybersecurity so consumers will never again have to risk their personal data unintentionally being sold at an auction,” James said. “Companies, big and small, must all take their responsibility to protect their customers’ data seriously, and if they do not, my office will take action.”

The two data incidents were reported in July 2020.