Morgan Stanley has announced that the personal information of stock plan participants has been compromised due to a data breach involving a vulnerability in the file-sharing software provided by Accellion.
According to breach notification letters sent to affected individuals, first reported by Bleeping Computer, Morgan Stanley is among the latest firms to fall victim to this issue. Guidehouse, the vendor responsible for account maintenance services for Morgan Stanley’s StockPlan Connect business, detected the breach in March and informed the bank in May that it had impacted Morgan Stanley customers.
Files containing StockPlan-related documents were stolen by hackers. Although the files were encrypted, the attackers also accessed the decryption key. The compromised documents included the names, addresses, dates of birth, social security numbers, and corporate affiliation of stock plan participants. However, passwords necessary for accessing financial accounts were not affected.
As of now, there is no evidence suggesting that the stolen data has been disseminated by the hackers. This situation differs from a recent incident involving Flagstar Bank, where the attackers posted personal details of several employees online and threatened to release more information unless they received payment.
This vulnerability has impacted numerous organizations, including the Reserve Bank of New Zealand and the Australian Securities and Investments Commission, both of which have confirmed they were affected.