At a glance.
- Morgan Stanley to pay $35 million in data breach settlement.
- T-Mobile data breach settlement could be second largest in US history.
- Optus cyberattack exposes customer data.
Morgan Stanley to pay $35 million in data breach settlement.
The US Securities and Exchange Commission (SEC) has agreed to settle charges against Morgan Stanley Smith Barney (MSSB, now known as Morgan Stanley Wealth Management) for a recent breach that exposed the data of 15 million customers. MSSB has agreed to pay $35 million to settle claims it neglected to properly dispose of hard drives and servers containing the customers’ data in what the SEC described as an “astonishing” failure to safeguard the personal identifying information. The breach was the result of Morgan Stanley’s hiring of a moving and storage company with “no experience or expertise in data destruction services” to dispose of the equipment, which later landed on an internet auction site.
Gurbir S. Grewal, director of the SEC’s Enforcement Division, stated, “MSSB’s failures in this case are astonishing. Customers entrust their personal information to financial professionals with the understanding and expectation that it will be protected, and MSSB fell woefully short in doing so…Today’s action sends a clear message to financial institutions that they must take seriously their obligation to safeguard such data.” Though Morgan Stanley has not admitted to any wrongdoing, a spokesperson told TechCrunch that they are pleased with the resolution of the charges, adding, “We have previously notified applicable clients regarding these matters, which occurred several years ago and have not detected any unauthorized access to, or misuse of, personal client information.”
T-Mobile data breach settlement could be second largest in US history.
In another breach settlement, global telecom company T-Mobile has agreed to pay $350 million to settle a lawsuit resulting from a 2021 cyberattack that potentially exposed the data of nearly 80 million customers. CNET notes that, if approved, the settlement will be the second largest of its kind in the US, beaten only by Equifax’s 2019 breach settlement for $700 million. The T-Mobile breach was the result of a cyberattack, although it’s unclear exactly how many individuals were compromised. According to court filings, approximately 76.6 million people were impacted, and an individual attempting to sell the info on the dark web claimed it was connected to 100 million people, but T-Mobile says only about 850,000 individuals were exposed. The hacker who claimed responsibility for the attack, John Binns, told the Wall Street Journal, “I was panicking because I had access to something big. Their security is awful.” The settlement is not an admission of guilt, but T-Mobile released a statement declaring, "Customers are first in everything we do and protecting their information is a top priority. Like every company, we are not immune to these criminal attacks."
Optus cyberattack exposes customer data.
Wireless carrier Optus, the Australian unit of telecommunications company Singapore Telecommunications, has disclosed it suffered a cyberattack that resulted in the compromise of customers’ home addresses, passport numbers, and phone numbers, the Business Inquirer reports. For a subset of customers, addresses and identification data such as driver's license or passport numbers may also have been accessed, but payment data and account passwords were fortunately not exposed. The Guardian explains that the attackers, who are believed to be working for a criminal or state-sponsored organization, accessed the sensitive information by breaking through the telco's firewall. In a statement on its website, Optus said that upon discovery of the malicious activity, its administrators immediately shut down the attack, and they are working with the Australian Cyber Security Centre to investigate.
“We are devastated to discover that we have been subject to a cyber-attack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it,” Optus CEO Kelly Bayer Rosmarin told the ABC. She added that the breach involves both current and former customers, but that “it's just too early for us to give specific numbers. It is a significant number and we want to be absolutely sure when we come out and say how many [customers have been affected]." According to publicly available data, Optus has 9.7 million subscribers. The company noted that mobile and home internet services were not impacted by the incident, and that Optus services remain safe to use.