Morgan Stanley Agrees to $6.5 Million Settlement with Six States Over Data Breach

Global financial services giant Morgan Stanley has reached a $6.5 million settlement with six North American states over its failure to safeguard customer data, which resulted in a data leak. Residents of New York, Connecticut, Florida, Indiana, Vermont, and New Jersey will receive compensation in the form of benefits due to the company’s inability to prevent a data breach, which could have been averted with enhanced security measures.

In 2016, Morgan Stanley outsourced some of its work environment systems to a third-party vendor, which subsequently subcontracted the auction process to others. These subcontractors sold the systems without deleting customer data loaded onto them. In the following year, during the decommissioning process, the company overlooked an encryption flaw on 42 servers containing customer information, potentially allowing unauthorized access by third parties.

In both instances, the company’s failure to implement adequate data security measures resulted in information security breaches, leading to the leakage of customer information.

Samsung UK Notifies Customers of Data Breach

Samsung Electronics is alerting its customers to a data breach that may have exposed personal data to unauthorized parties. The breach encompasses individuals who purchased electronics from various UK stores between July 2019 and June 2020. Samsung identified the breach in November, attributing it to a hacker infiltrating a computer network through a software vulnerability. The leaked information includes email addresses, postal codes, phone numbers, and names, with no financial details compromised.

Samsung clarified that this recent breach is unrelated to the March 2022 security incident, where the Lapsus$ Ransomware gang hacked into the Samsung network to steal sensitive information, including the source code of Samsung Galaxy smartphones.

Booking.com Falls Victim to Phishing Attack

Amsterdam-based company Booking.com has fallen victim to a phishing attack, with cybercriminals breaching its servers. While specific details are still under investigation, the company has assured the public that no financial details were accessed by hackers. Booking.com leased out such services to a third party, and evidence suggests that the servers of the third party remained unaffected.

Russian GRU Hackers Target Denmark’s National Infrastructure

Threat actors funded by Russia’s GRU intelligence service orchestrated the largest cyber-attack in Denmark’s history, targeting critical infrastructure. The Sandworm hacking group is suspected of taking down the infrastructure of approximately 22 Danish energy companies by exploiting a software flaw in the firewalls designed to defend against cyber threats. SektorCERT has released a statement on its website, affirming that the government is actively working to mitigate such risks from adversaries.

The post Cyber Security news headlines trending on Google appeared first on Cybersecurity Insiders.

Morgan Stanley, the world-renowned American financial investment firm, was slapped with a fine of $35 million by the US SEC. Sources report that the US Securities and Exchange Commission pronounced the penalty for laxity in dealing with customer data.

Going deeper into the details, it’s learned that the company disposed of some of the servers and Hard Disk Drives (HDDs) operated in its server farms last year. It did not wipe the data before putting them up for auction and selling them offline.

Estimates are that information related to about 15 million clients was compromised in the incident, as the sold HDDs contained information dating back to 2015.

As soon as the incident was brought to light, the SEC reacted and began an inquiry and concluded that one unit of the financial services provider failed miserably in handling the data.

On the condition of anonymity, a source from the firm stated that the data mishandling was done because the IT department of the company handed over the recycling project to a new company that never had experience in data destruction.

The SEC also learnt through its sources that the business never stored its customers’ data in encrypted form, so the lost information might now also be accessible to people who might think to sell that data to marketing firms for additional monetary benefits.

For this reason and after confirmation, the SEC imposed a $35 million penalty on Morgan Stanley.

The post Data security laxity makes Morgan Stanley pay $35 million SEC Penalty appeared first on Cybersecurity Insiders.

Morgan Stanley Wealth Management, widely known as an asset management division of Morgan Stanley, has issued a statement that a threat actor accessed the firm’s systems and tried to steal a portion of data.

Additional media updates also included the fact that the threat actor succeeded in digitally transferring money from the company’s account to the hacker’s account via the Zelle Payment service.

Now, for all those interested in learning more about Morgan Stanley’s data breach, here is something newsworthy. The threat actor tried their best to convince the staff of the company to disclose sensitive details such as banking or login credentials but failed in their intentions.

The whole incident occurred on February 11th this year, and a Morgan Stanley spokesperson confirmed that the attack did not breach any of the business systems and that they remain secure as usual.

Note 1- The CLOP ransomware gang hacked into the systems of Morgan Stanley in July last year, and the criminal gang stole personal information from the company servers through an Accellion software vulnerability existing in Guidehouse, a third-party vendor related to the American investment firm.

Note 2- On March 24th, 2022, Morgan Stanley appointed Arnaud Blanchard as the head of America’s equity syndicate. He will replace Pawan Passi, who has been sent on long leave by the firm for his alleged involvement in the Block trading business.

Note 3- Block Trading is to invest in high-value transactions at a pre-determined price agreed between two parties.

Note 4- The SEC of the United States, which is looking into the matter of Passi, hasn’t accused him of doing anything wrong on a professional note to date.

The post Morgan Stanley data breach details via social engineering attack appeared first on Cybersecurity Insiders.