The Securities and Exchange Commission (SEC) recently forced Morgan Stanley Smith Barney to pay $1 million in a settlement that marked a turning point in the agency’s focus on cybersecurity issues, an area that the agency has proclaimed a top enforcement priority in recent years. The settlement addressed various cybersecurity deficiencies that led to the misappropriation of sensitive data for approximately 730,000 customer accounts. Morgan Stanley violated the “Safeguards Rule.” Adopted in June 2000, the rule requires registered broker-dealers, investment companies and investment advisers to (1) adopt written policies and procedures that address administrative, technical and physical safeguards reasonably designed to insure the security and confidentiality of customer records and information, (2) protect against anticipated threats or hazards to the security or integrity of customer records and information and (3) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.
The SEC found that MSSB failed to implement sufficient safeguards to protect customer information. MSSB lacked reasonably designed and operating authorization modules restricting employee access to only customer data for which the employee had a legitimate business need, failed sufficiently to audit and/or test module effectiveness and did not adequately monitor and analyze employee access to, and use of, information portals. Because of this, a financial advisor, Galen Marsh, was able to access sensitive personally identifiable information relating to the customers of other financial advisors, including their account balances, securities holdings and other personal information. The information he obtained was then offered for sale on at least three sites. This settlement is the first significant enforcement action undertaken by the SEC since it began prodding financial firms to shore up their cybersecurity defenses five years ago.
The posting on this site are mere OPINIONS and NOT statements of fact in any way whatsoever. The information should not be relied upon and there have been no findings made against the firms or individuals referenced on this site. In addition, this Blog is made available for educational purposes only and incorporates information from the web as well as to give you general information and a general understanding of the law, not to provide specific legal advice. By using this blog site you understand that there is no attorney client relationship between you and Stoltmann Law Offices (161 N Clark Street 16th Floor Chicago, IL 60601). The Blog opinions should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.
PLEASE NOTE THIS IS ADVERTISING AND IT IS NOT A NEWSPAPER ARTICLE OR POST FROM AN INDEPENDENT OR NON-BIASED, NEWS SITE, NEWS SOURCE OR NEWSPAPER.