$60 Million+ for Morgan Stanley

Secure data PII
  • In 2016 and 2019, Morgan Stanley’s legacy infrastructure was decommissioned without removing sensitive data that contained personally identifiable information (PII).
  • As a result, old hardware containing 15 million current and former clients’ data was sold to the open market.

The prospect of new technology also needs to consider what is done with the old.

Reportedly, between 2016 and 2019, Morgan Stanley failed to properly dispose of certain IT assets that had customer data on it. Those assets were then sold on the open market. As a result, unauthorized third parties may have gained access to Morgan Stanley’s clients’ private information including, but not limited to: names, work and home addresses, Social Security numbers, driver’s license numbers, income, asset value, asset holdings information, passport information, telephone numbers, dates of birth and other personal information (collectively, “PII”). Some of these devices that may contain customer PII were sold on the internet and/or remain unaccounted for.[1]

In addition to $60 million in direct outlays, the outside legal and discovery costs to Morgan Stanley, the internal employee costs within the legal and IT organizations to research and gather evidence and the overall reduction in trust in the organization, added up to a $100 million problem.

Self-Inflicted Breach

Lock representing sensitive data, or PII

Unfortunately, the Morgan Stanley case is not unique. It’s clear that the act of migrating data from old platforms to new, whether it’s on-premises or the cloud, requires an understanding of the total effort.

Unlike data breaches like Yahoo and Equifax in the cloud, this had no outside cyber threats attached to it. The equipment was sold off with everything still inside, ready to turn on and use.

The Bigger Picture

When moving from old to new technology, a plan is critical. For example, if you sell your home and move to a new one, there is a process. First, deciding what goes to the new house and what does not (is there value and use for it), so you might have a garage sale, donate items, give items to friends and family, etc.  Items you want to retain go to a storage locker. Then, you organize and pack what goes to the new house by room, simplifying the move out and move in. You optimize the process so as not to move items to the new house that you will ultimately throw out or donate.

The same is true for modernization efforts: decide what is of value, what needs to move to the new systems, what you need to retain for compliance, etc. 

Safely and Compliantly Modernize with Platform 3 Solutions

Platform 3 Solutions is a global leader in end-to-end data management from legacy applications to modern cloud applications. We offer a full suite of products, services, and support to ensure a seamless transition from legacy technology to new and innovative platforms.

We deliver significant savings to free up cash allowing investment into innovations, modernization, and growth for the business. We have a proprietary process and technologies to assess the true technology debt and deliver an ROI by removing expensive and complicated end-of-life technologies, simplifying business operations, and mitigating their risk profile.

Contact us or email us directly to complete your transformation and properly remove the debt from your technology landscape.


[1] https://www.morganstanleydatasecuritysettlement.com/

Leave a Reply