"Morgan Stanley agreed to pay $35 million to settle SEC charges related to what the agency described as 'extensive failures' to safeguard customers’ personal data... Over a five-year period, Morgan Stanley failed to properly dispose of devices containing its customers’ personal information, the SEC said... On several occasions, Morgan Stanley hired a moving and storage company that had no experience in erasing data or decommissioning thousands of hard drives that contained customer information, the SEC said... The moving company sold thousands of Morgan Stanley devices, including hard drives, to another company, according to the agency. Other Morgan Stanley devices, some of which contained customer data, were later sold on an internet auction site... In October 2017, an IT consultant in Oklahoma emailed Morgan Stanley to say that he had purchased hard drives from an online auction site and that he had access to the company’s data on those devices... Morgan Stanley’s 'failures in this case are astonishing,' said Gurbir S. Grewal, director of the SEC’s Enforcement Division..." https://www.barrons.com/advisor/art...y-consumer-data-51663689017?mod=mw_latestnews https://www.sec.gov/news/press-release/2022-168
