Morgan Stanley has agreed to pay $60 million to settle a lawsuit by customers who said the Wall Street bank exposed their personal data when it twice failed to properly retire some of its older information technology. A preliminary settlement of the proposed class action on behalf of approximately 15 million customers was filed Friday evening in Manhattan federal court and requires approval from U.S. District Judge Analisa Torres.
Morgan Stanley denied wrongdoing by agreeing to a settlement and has made “substantial” upgrades to its data security practices, according to the settlement papers.
Customers accused Morgan Stanley of failing to decommission two asset management data centres in 2016 before the unencrypted equipment, which still contained customer data, was sold to unauthorized third parties.
They also said some older servers containing customer data were gone after Morgan Stanley handed them over to a third-party vendor in 2019. Morgan Stanley later found the servers, court papers show.
In October 2020, Morgan Stanley agreed to pay a $60 million civil fine to resolve allegations made by the U.S. Office of the Comptroller of the Currency related to the incidents, including that its information security practices were unsafe or unsound.
(Image Courtesy: www.topclassactions.com)