Morgan Stanley Receives $60 Million Fine for Improper Handling of Customer Data

Morgan Stanley investment bank must pay a whopping $60 million fine for failing to properly decommission multiple business data centers that stored sensitive customer information, the Office of the Comptroller of the Currency (OCC) announced earlier th… Continue reading Morgan Stanley Receives $60 Million Fine for Improper Handling of Customer Data

Negligent data center shutdowns bring $60 million fine for Morgan Stanley

Investment bank Morgan Stanley is paying a $60 million fine to the U.S. government for mishandling the decommissioning of two data centers in 2016, and potentially exposing customer information. The bank reported the problem to wealth management customers this summer, saying that pieces of hardware from the facilities still had some customer data on them after they reached a recycler. In 2019, a similar situation arose during the decommissioning of network devices that stored customer data, according to Office of the Comptroller of the Currency, the Treasury Department agency that announced the fine Thursday. The case is a reminder that potential data breaches come in many forms beyond the usual concepts of cybercriminals hacking into networks to or using business email compromise to trick employees. In both cases at Morgan Stanley, the bank “failed to adequately assess the risk of subcontracting the decommissioning work, including exercising adequate due diligence in […]

The post Negligent data center shutdowns bring $60 million fine for Morgan Stanley appeared first on CyberScoop.

Continue reading Negligent data center shutdowns bring $60 million fine for Morgan Stanley

US financial regulator fines Capital One $80 million over data breach

A U.S. financial regulator has fined Capital One $80 million in connection with the 2019 data breach that compromised details on approximately 106 million people. The Office of the Comptroller of the Currency, a bureau within the Department of Treasury, announced the penalty over the bank’s failure “to establish effective risk assessment processes” before moving “significant information technology operations” to the cloud. OCC also flagged the bank for not correcting “deficiencies in a timely manner.” The bank also is required to improve its data security practices and update its approach to risk management as part of a consent decree with the OCC. Capital One reported $28.6 billion in total revenue in 2019. The McLean, Va.-based bank announced in July 2019 that a hacker had accessed information about 100 million credit card customers and applicants in the U.S., and another 6 million people in Canada. Customer addresses, income figures, birth dates […]

The post US financial regulator fines Capital One $80 million over data breach appeared first on CyberScoop.

Continue reading US financial regulator fines Capital One $80 million over data breach

Cybersecurity is U.S. bank regulator’s top priority

Cybersecurity is the top priority for the office charged with regulating and supervising all banks in the U.S., according to the newly released bank supervision operating plan for 2018 from the Treasury Department’s Office of the Comptroller of the Currency. The declaration comes amid an environment where attackers are multiplying and the threat surface is rapidly expanding. Experts expect the reaction from banks to be greater focus and spending on cybersecurity. “Cyber threats are increasing in speed and sophistication,” Comptroller of the Currency Keith Noreika said earlier this year in an OCC Risk Perspective. “These threats target large quantities of personally identifiable information and proprietary intellectual property and facilitate misappropriation of funds at the retail and wholesale level. Phishing is a primary method for breaching data systems and is often the entry mechanism to perpetrate other malicious activity, such as installing ransomware, accessing confidential information, compromising internal systems to effect payments, or conducting espionage.” One area sure […]

The post Cybersecurity is U.S. bank regulator’s top priority appeared first on Cyberscoop.

Continue reading Cybersecurity is U.S. bank regulator’s top priority