September 22, 2023



Why was selling second-hand hard drives fined $35 million?



Morgan Stanley fined $35 million

Were second-hand hard drives really sold at auction? On the 20th, Morgan Stanley agreed to pay the SEC a $35 million fine for violating information security rules and leaking data on tens of millions of customers, which the SEC considered a “stupid error.”


Morgan Stanley, one of the financial services giants in New York, has paid a heavy price, as much as 35 million US dollars, for a foolish mistake made many years ago; even the US Securities and Exchange Commission called it a “stupefying failure”.



The whole thing started in 2016, when Morgan Stanley hired a moving company to help remove old hard disks from a decommissioned data center: in all, 53 disk arrays, about 1,000 hard disks, and 8,000 backup tapes.

Perhaps to save costs, Morgan Stanley hired a company that had no basic knowledge of information security. The company nonetheless promised that an outsourced IT specialist would be responsible for erasing the data on the hard drives and then destroying them.


About a year after the project to replace the old data center ended, the Morgan Stanley Information Security Office received an email from an Oklahoma information security consultant, saying that they had bought a second-hand hard drive on the Internet and found it full of Morgan Stanley’s customer information:

“As a major financial institution, you should follow all relevant procedures and, at the very least, obtain a hard drive destruction certificate from the contractor.”


Morgan Stanley immediately repurchased the hard drive and investigated the cause.

It turned out that the moving company did not hire any IT staff to wipe the hard drives, but instead resold all of them to another company, which then put the entire batch up for sale on an auction site.

Far from being destroyed, the hard drives had not even been given the most basic formatting or data wipe, so all of the customer information on them was fully preserved.


“Although these hard disks have encryption functions, Morgan Stanley has not enabled them,” the SEC statement said.

Morgan Stanley began to enable hard disk data encryption in 2018, but only for newly written data; data written before then remained unencrypted.


Given this series of information security failures, the SEC believes that the data of more than 15 million Morgan Stanley customers was leaked, so it imposed a fine of 35 million US dollars and asked Morgan Stanley to make improvements immediately.


Ironically, Morgan Stanley has neither admitted nor denied the allegations, only agreeing to pay a hefty fine, stating: “We are more than happy to resolve the issues from many years ago, and have not discovered any unauthorized access to or misuse of customer information.”


