Why is Selling second-hand hard drives is fined $35 million?
- An American company made 0.7nm chips: EUV lithography machines can’t do it
- CVE-2007-4559 Python vulnerability ignored for 15 years puts 350,000 projects at risk of code execution
- RISC-V only takes 12 years to achieve the milestone of 10 billion cores
- 14000 cores + 450W: RTX 4080 graphics card perfectly replaces the RTX 3080
- Big upgrade: The difference between Bluetooth 5.0 and 5.2
- Geeks Disappointed that RTX 4080/4090 doesn’t come with PCIe 5.0
- What are advantages and disadvantages of different load balancing?
Why is Selling second-hand hard drives is fined $35 million? Morgan Stanley fined $35 million
Auction of second-hand hard drives also happened? Morgan Stanley agreed on the 20th to pay the SEC a $35 million fine for violating information security rules and leaking tens of millions of customer data, which the SEC considered a “stupid error.”
Morgan Stanley, one of the financial services giants in New York, paid a serious price for a stupid thing many years ago, as high as 35 million US dollars, and even the US Securities and Exchange Commission called it “stupefying”. fail”.
The whole thing started in 2016, when Morgan Stanley hired a moving company to assist in the removal of old hard disks from the decommissioned data center, a total of 53 disk arrays, a total of about 1,000 hard disks, and 8,000 disks. Backup film.
Perhaps due to cost considerations, the company hired by Morgan Stanley did not have any basic knowledge of information security, but promised to have an outsourced information expert who would be responsible for erasing hard drive data and then destroying it.
About a year after the end of the plan to replace the old data center, the Morgan Stanley Information Security Office received an email from Oklahoma Information Security Consultants, saying that it had bought a second-hand hard drive on the Internet. But it is full of Dalmore’s customer information:
As a major financial institution, you should follow all relevant procedures, at the very least, obtain a hard drive destruction certificate from the contractor.
Morgan Stanley immediately repurchased the hard drive and investigated the cause.
It turned out that the moving company didn’t hire an IT staff to remove the hard drives, but resold all the hard drives to another company, which then put the entire batch up for sale on an auction site.
Not to mention destroying these hard drives, even the most basic formatting or clearing of data is not done, and all customer information is completely preserved.
“Although these hard disks have encryption functions, Morgan Stanley has not enabled them,” the SEC statement said.
Although Morgan Stanley began to enable hard disk data encryption in 2018, it was only for newly written data, and the data was not encrypted before.
Under this series of information security loopholes, the SEC believes that at least more than 15 million Morgan Stanley customer data has been leaked, so it fined 35 million US dollars and asked Morgan Stanley to improve immediately.
Ironically, Morgan Stanley has neither admitted nor denied the allegations, only agreeing to pay a hefty fine, stating: “We are more than happy to resolve the issues from many years ago, and have not discovered any unauthorized access to or misuse of customer information.”
- DIY a PBX (Phone System) on Raspberry Pi
- How to host multiple websites on Raspberry Pi 3/4?
- A Free Intercom/Paging system with Raspberry pi and old Android phones
- DIY project: How to use Raspberry Pi to build DNS server?
- Raspberry Pi project : How to use Raspberry Pi to build git server?