Morgan Stanley Smith Barney is the latest company behind Sony and Epsilon to have its customers' personal data compromised.
The investment firm notified 34,000 of its clients late last month that two CD-ROMs containing sensitive information had gone missing after being sent to the New York State Department of Taxation and Finance for standard tax reporting purposes. The package did reach the department intact; however, it disappeared at some point after delivery. The missing information includes names, address, account numbers, tax identification numbers, the amount of money clients earned on 2010 investments and in some cases Social Security numbers.
"It would be difficult to get into these investment accounts," says Chris Maag, the reporter at Credit.com who broke the story earlier this week after one of his colleagues received a notification letter from Morgan Stanley that their information is in jeopardy. "But if however you were to get this, you would have the names, home addresses and social security numbers of people you know to be pretty high net income, high net wealth. And that's valuable information. That right there could be sold on the black market for quite a bit of money."
The investment firm told Maag in a phone interview that, to date, "There's no evidence that there was any criminal intent here, or actual misuse of this information."
But until the CD-ROMs are safely located, there is really no way to know this for sure. The uncertainty over the matter is heightened by the fact that the investment firm only password-protected the disks and took no steps to encrypt the files.
"It's kind of like they did the bare minimum, but they did not take the extra step to encrypt [the information]," says Maag, who joined The Daily Ticker's Aaron Task. "They are going to look into changing and enhancing their security procedures from here on out and they are going to look into improving how to send this information to the state."
In letters to its clients whose Social Security numbers have been placed at risk, Morgan Stanley says it will pay for credit-monitoring services. All other clients involved in the data breach were advised to self-monitor accounts for any unusual activity.
Microsoft yesterday issued 13 security updates that patched 22 vulnerabilities in Internet Explorer, Windows, Office and other software, including one that harked back two decades to something dubbed "Ping of Death."
Microsoft released 13 security bulletins, patching 22 vulnerabilities across its product line, including two critical updates affecting Internet Explorer and the Windows DNS Server. While Microsoft issued fewer updates this month, August was still marked as a busy month for system administrators.
Hackers flying the AntiSec banner today released what they said was 400 megabytes of internal data from a government cybersecurity contractor, ManTech, as part of their campaign to embarrass the FBI every Friday, as well as target other government agencies and their partners.
The U.S. Attorney's Office in Houston has brought charges against four men for stealing more than $400,000 as part of an ATM skimming scam targeting local banks.
A gang that made more than $72m (£45m) peddling fake security software has been shut down in a series of raids.
