Morgan Stanley is a fairly prominent financial institution in the United States with millions of users. Recently it was reported that the company was sued by the Securities and Exchange Commission (SEC) for failing to encrypt user data.
The SEC is said to have found that Morgan Stanley left users' personal data unencrypted from 2015 until 2020, and did not use the services of a certified data disposal and storage company to dispose of the server machines and user data.
The SEC audit found that Morgan Stanley did not use software or encryption storage such as self-encrypting storage (Self-encrypting Drive) during the five years before changing to a new server machine system.
Morgan Stanley is also said not to examine the data disposal process where the data contained in the storage is not deleted and instead the storage is sold to a third party.
The SEC has sued the company for $35 million (~RM160 million) and Morgan Stanley is also reported to have paid the suit without admitting wrongdoing or denying the SEC report.
