Morgan Stanley agrees to $60M settlement over compromised personal data

News and information from the Advent IM team.

Morgan Stanley has agreed to establish a $60 million fund to settle a class-action lawsuit filed by nearly a dozen customers regarding personal data that was compromised when the bank decommissioned two wealth management centers.

The proposed settlement, filed Friday in U.S. District Court for the Southern District of New York, will allow class members to make claims for up to $10,000 each in reimbursement for out-of-pocket losses and up to four hours in attested lost time at $25 per hour. Each settlement member will also automatically receive access to at least 24 months of fraud insurance.

The lost data stems from personally identifiable information (PII) regarding approximately 15 million current and former Morgan Stanley customers that was not properly deleted from two separate legacy IT systems in 2016 and 2019. The bank sold the legacy systems with unencrypted data to third parties. It was then later informed by parties with access to the systems that customers’ PII had not been wiped before they were sold.

The data included customers’ names, addresses, account information, Social Security numbers, dates of birth, credit card numbers, and other personal information, the settlement said.

Morgan Stanley began informing its customers about the issue in July 2020.

Read via Compliance Week 

Share this Post