Personal information belonging to 34,000 investment clients of Morgan Stanley Smith Barney has been lost, and possibly stolen, in a data breach. Morgan Stanley sent two letters to clients warning them of the breach. The information includes clients’ names, addresses, account and tax identification numbers, the income earned on investments in 2010, and in some cases Social Security numbers.
The data was saved on two CD-ROMs that were protected by passwords, according to the letters, but the CDs were not encrypted.
The CDs were in a package sent to the New York State Department of Taxation and Finance, but they were missing when the package was opened at the destination. The package itself was intact when it arrived, showing no signs of theft.
The company informed the affected customers about the data breach two weeks after it was notified, after conducting its own investigation. Morgan Stanley has offered free credit monitoring services to the customers whose Social Security numbers have been leaked because of the data breach.
The firm is currently handling two class action lawsuits related to the disclosure of confidential information.