June 9, 2016
Morgan Stanley has agreed to pay a $1 million fine to settle U.S. Securities and Exchange Commission civil charges that security lapses at the Wall Street bank enabled a former financial adviser to tap into its computers and take client data home, the regulator said on Wednesday.
The settlement resolves allegations related to Galen Marsh’s unauthorized transfers from 2011 to 2014 of data from about 730,000 accounts to his home computer in New Jersey, some of which was hacked by third parties and offered for sale online.
Marsh was sentenced in December to three years probation and ordered to pay $600,000 in restitution after pleading guilty to one felony count of unauthorized access to a computer. Prosecutors had sought prison time.
According to the SEC, Morgan Stanley violated a federal regulation known as the Safeguards Rule by failing to properly protect customer data, allowing Marsh to access names, addresses, phone numbers, and account holdings and balances.