Morgan Stanley will pay $35 million to settle allegations that it scrapped computer servers and hard drives without ensuring they no longer held sensitive customer information, regulators said.
The SEC also alleged that Morgan Stanley lost track of 42 computer servers that potentially contained unencrypted customer data. The missing servers were used in local offices where stockbrokers and investment advisers dealt with clients, the SEC said. The conduct violated a regulation that requires brokers and money managers to protect the security and confidentiality of certain customer records, the SEC said. The $35 million fine represents a steep penalty for an alleged record-keeping misstep. Last year, the SEC imposed fines of $300,000 or less on three smaller financial-advisory firms accused of similar violations.
“If not properly safeguarded, this sensitive information can end up in the wrong hands and have disastrous consequences for investors,” SEC Enforcement Director Gurbir Grewal said.
Jeffrey Newman is a whistleblower lawyer with the firm Newman & Shapiro and he can be reached at Jnewman@NewmanShapiro.com or at 978-880-4758