Newspaper article International New York Times

Morgan Stanley Data Lost in Breach Put Up for Sale; Bank Employee Admits to Taking Records, but Says He Posted Nothing

Article excerpt

The bank traced the leak to Galen Marsh, a young financial adviser, who said he did not share the data or use it for financial gain.

In mid-December, a posting appeared on the Internet site Pastebin offering six million account records, including passwords and login data for clients of Morgan Stanley.

Two weeks later, a new posting on the information-sharing site offered a teaser of actual records from 1,200 accounts, and provided a link for people interested in purchasing more, according to a person briefed on the matter. The link pointed to a website that sells digital files for virtual currencies like Bitcoin. In this case, the files were being sold for a more obscure currency, Speedcoin.

The offer was quickly taken down the same day, Dec. 27, after Morgan Stanley discovered the leak. In short order, the bank traced the breach to a financial adviser working out of its New York offices, a 30-year-old named Galen Marsh, according to a person involved in the investigation who spoke on the condition of anonymity.

Mr. Marsh, who had been with Morgan Stanley since 2008, was quickly fired and is currently the subject of a criminal investigation by the Federal Bureau of Investigation, the person briefed on the investigation said. The Financial Industry Regulatory Authority is also examining the matter.

Morgan Stanley said on Monday that it had determined that Mr. Marsh took data on about 10 percent of its 3.5 million wealth management customers, including transactional information from customer statements.

The bank said that Mr. Marsh did not take any sensitive passwords or Social Security numbers, and that it had not found any evidence that customers suffered any losses as a result of the breach. A lawyer for Mr. Marsh, Robert C. Gottlieb, acknowledged on Monday that his client did take the information in question but said that he did not post it online, share it or try to sell it.

The case, though, points to the variety of threats banks face as they try to safeguard sensitive customer data.

While foreign hackers have been responsible for attacks on JPMorgan Chase and Nasdaq, among others, a Morgan Stanley employee was responsible for this breach. …
