Morgan Stanley Acknowledges Insider Breach

Morgan Stanley this week began notifying almost 10 percent of its Wealth Management clients that an employee had stolen their personal data.

“The Wealth Management employee has been terminated, and law enforcement and regulatory authorities have been advised of the incident,” the company said in a statement.

The New York Times reports that the employee was Galen Marsh, 30, who had been working for Morgan Stanley since 2008, starting as a sales assistant before becoming a financial adviser in March 2014.

According to the Times, Marsh allegedly stole about 10 percent of Morgan Stanley’s 3.5 million Wealth Management customers’ account information.

A Pastebin post on December 15, 2014 offered six million Morgan Stanley account records for sale, including login credentials. On December 27, 2014, a second post listed partial information from 1,200 accounts.

Robert C. Gottlieb, Marsh’s lawyer, told the Times that Marsh never sold or intended to sell any account information.

“He did not post the information online; he did not share any account information with anyone or use it for any personal financial gain,” Gottlieb said. “He is devastated by what has occurred and is extremely sorry for his conduct.”

Steve Hultquist, chief evangelist at RedSeal, told eSecurity Planet by email that there are several lessons to learn from this breach. “Determining who has access to critical enterprise data, how they are able to combine data to use in the course of their work, and what they are able to do with it once they have access to it are all part of an overall security policy and its enforcement,” he said.

While quick and easy access to customer information can improve efficiency, Hultquist said, it can also enable data theft. “Building data and network security policies to thwart the likely approaches to steal information is a foundation for limiting possible damage,” he said. “Using automation to analyze and ensure compliance with a security policy is essential for protecting customer and corporate data assets.”

In September 2014, the FBI and the Department of Homeland Security warned of an increase in insider threats, noting, “The exploitation of business networks and servers by disgruntled and/or former employees has resulted in several significant FBI investigations in which individuals used their access to destroy data, steal proprietary software, obtain customer information, purchase unauthorized goods and services using customer accounts, and gain a competitive edge at a new company.”

And in December 2014, Norse Corporation researchers suggested that the recent Sony Pictures Entertainment breach may have been enabled by a former Sony systems administrator who was fired from the company in May 2014.

Still, a recent SpectorSoft survey of IT professionals found that 59 percent are unable to detect insider threats, and 61 percent are unable to deter them.

“The nature of insider threats — authorized persons misusing their authorization — makes it harder to detect such attacks and protect against them,” the SpecterSoft report [PDF] stated. “While the percentage of insider threats — approximately 30 percent of all cyber attacks — has stayed broadly consistent since 2004, the total number of such attacks has increased dramatically, resulting in $2.9 trillion in employee fraud losses globally per year.”

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles