Morgan Stanley Discloses Data Breach
Attackers were able to compromise customers' personal data by targeting the Accellion FTA server of a third-party vendor.
Morgan Stanley has confirmed a data breach in which attackers were able to access personal information belonging to customers by targeting a vulnerability in the Accellion FTA server.
The server belonged to Guidehouse, a vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, the bank said in a letter disclosing the incident. Attackers were able to access participant data, including name, last known address, birth date, Social Security number, and corporate company name. The data compromised did not include passwords that could be used to access financial accounts.
Morgan Stanley said the compromised files were encrypted; however, attackers were able to obtain the decryption key during the breach.
This makes the bank one of many organizations affected by the vulnerability in the Accellion FTA server, an issue disclosed earlier this year. Following Accellion's January announcement, several businesses experienced data theft and subsequent extortion attempts.
While Guidehouse patched the vulnerability within five days of its availability, the attacker was able to access the data around that time, officials said. The vendor discovered the attack in March 2021 and learned it affected Morgan Stanley in May. It says the delay was due to the trouble in determining which files were stored in the Accellion FTA server when it was exposed.
Read more details here.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024