Coverage: Morgan Stanley fires employee over data theft

January 6, 2015

Posted by Liz Hester

As if hackers aren’t bad enough, now employees are stealing data. Morgan Stanley fired a financial adviser after he took client data and posted some of it for sale. As many as 10 percent of wealth management clients may have had information compromised.

Justin Baer had these details in a story for The Wall Street Journal:

Morgan Stanley fired one of its financial advisers after it accused him of stealing account data on about 350,000 clients and posting some of that information for sale online, in potentially the largest data theft at a wealth-management firm.

The bank last week terminated Galen Marsh, who worked at a Midtown Manhattan branch of Morgan Stanley, a person familiar with the matter said.

Robert Gottlieb, Mr. Marsh’s attorney, said his client had acknowledged obtaining the account information and confirmed that he was fired. But Mr. Gottlieb said Mr. Marsh didn’t post the data online, and wasn’t seeking to sell it.

Morgan Stanley said its employee downloaded information on about 10% of its wealth-management clients, totaling about 350,000. The bank said that on Dec. 27 it discovered data related to about 900 of its client accounts during a routine review of public websites known to traffic in such information. The data, which included account names and numbers, states of residence and asset values, appeared on the Internet “briefly,” the firm said Monday in a statement.

Lauren Tara Lacapra wrote for Reuters that Marsh denied the accusations about him through his lawyer:

Robert Gottlieb, who is representing Marsh with the law firm Gottlieb & Gordon, denied that his client posted the information online or tried to sell it. He also said Marsh is “devastated by what has occurred and is extremely sorry for his conduct.”

“This is an employment matter between Mr. Marsh and Morgan Stanley,” Gottlieb said. “He has acknowledged that he should not have obtained the account information and he has been cooperating fully with Morgan Stanley to protect the firm and its customers.”

The bank discovered the post as part of a routine Internet sweep on Dec. 27 and quickly got the information taken down, said the person, who was not authorized to speak publicly about the matter.

Marsh did not immediately return phone calls or messages seeking comment. He joined Morgan Stanley in April 2008 as a sales assistant, entered its trainee program in 2010 and became a financial adviser in March 2014.

The leaked information included clients’ names and account numbers, but not passwords or Social Security numbers. The account numbers have since been changed, and Morgan Stanley has been notifying affected clients.

The Financial Times story by Tom Braithwaite pointed out the breach was small compared to those at other banks:

The data breach is large: Morgan Stanley operates the second-biggest wealth management operations in the US, behind Merrill Lynch, and serves the equivalent of more than one in 100 Americans, who use brokerage accounts to trade stocks and bonds.

But it is dwarfed by several big data breaches in 2014, including the 76m households affected by a hacking incident at JPMorgan Chase, the nation’s largest bank by assets.

In that incident, which is believed to have been perpetrated by outside computer hackers, JPMorgan disclosed in October that contact details, but no account numbers or social security numbers, were compromised.

The Morgan Stanley theft shows the difficulties financial institutions have in securing their data against internal threats.

Forbes writer Antoine Gara pointed out that this puts a dent in Morgan Stanley’s plans to expand into wealth management as an alternative to other types of banking:

Before the financial crisis, Morgan Stanley, like its investment banking peers Goldman Sachs Group, Bear Stearns, Merrill Lynch and Lehman Brothers, relied on trading for the vast majority of its revenue and profits. However, after the crisis felled Bear, Merrill and Lehman, Gorman took over Morgan Stanley’s top job with a strategy to diversify the bank into wealth management activities, which aren’t as risky or capital intensive as trading.

Gorman’s wealth management bet has paid off. Morgan Stanley is now in a stronger capital position than it was before the crisis and investors are taking a liking to its exposure to non-trading earnings, which now account for over 40% of the bank’s total revenue. For Morgan Stanley, positive sentiment is a long-time coming after the firm worked hard to recover from rating agency downgrades, regulatory changes and intermittent market panics in Europe in the years immediately following the crisis.

When reaching $2 trillion in wealth management assets in July, Gorman said it was “testament to the trust that our clients place in us and a sizable store of ballast, giving great stability to our business model.”

Now, after a leak of client data at the hands of one of its own, Gorman and Morgan Stanley’s wealth management team will need to work hard to regain that trust.

It’s yet another blow to the banking industry and one that shows even the wealthiest, whose information is so closely guarded, aren’t immune to having their information stolen. Because much of money management depends on trust, it could be hard for Morgan Stanley to win new clients.
