NEW YORK (Legal Newsline) – Morgan Stanley Smith Barney LLC will pay $1 million to settle allegations it failed to protect customer information, the Securities and Exchange Commission (SEC) announced.
Morgan Stanley purportedly failed to adopt sufficient policies to protect consumer data. The SEC believes that from 2011 to 2014, this alleged failure led to 730,000 accounts being transferred to an employee’s personal server, which was then ultimately hacked by third parties.
“Given the dangers and impact of cyber breaches, data security is a critically important aspect of investor protection,” Andrew Ceresney, director of the SEC Enforcement Division, said. “We expect SEC registrants of all sizes to have policies and procedures that are reasonably designed to protect customer information.”
Morgan Stanley allegedly violated Rule 30(a) of the Regulation S-P, also known as the Safegaurds Rule. The company agreed to the settlement but would not admit any wrongdoing.
William Martin and Simona Suh of the Enforcement Division’s Market Abuse Unit handled the case for the SEC, under the supervision of Joseph G. Sansone, co-chief of the unit. The New York Field Office of the Federal Bureau of Investigation and the U.S. Attorney’s Office for the Southern District of New York also helped in the matter.