Another law firm has asked a court to allow current and
former customers of Morgan Stanley Smith Barney to sue the wirehouse for
failing to ensure that their social security numbers, account numbers and other
“personal identifiable information” was scrubbed from hardware that was
decommissioned.
Morgan Stanley on July 9 began notifying customers that an
outside contractor failed to completely scrub hardware from two data centers
that were closed in 2016, and discovered in 2019 that old servers in some
branches that cannot be located may have unencrypted customer data, according
to letters and emails the firm has sent customers and brokers.
A federal lawsuit in New York City’s Second Circuit seeking
to certify a national and California class of customers claiming negligence and
invasion of privacy was followed on Friday by a second one making similar
claims, excluding violation of the state unfair competition law.
Neither complaint claims breaches of computer systems but
both allege unauthorized disclosures of the data to unknown third parties.
Morgan Stanley informed brokers, customers and some state
attorneys general that it has not detected unauthorized use of the data, but
has offered two years of free credit monitoring services from Experian.
“Morgan Stanley’s current and former customers face a
lifetime risk of identify theft, which is heightened here by the loss of
customers’ Social Security number [sic],” lawyers representing named plaintiffs
Richard Grossman of Coral Gables, Florida, and Howard Katz of Philadelphia,
wrote in the complaint filed on Friday. “In addition to Morgan Stanley’s
failure to prevent the Data Breach, Defendant failed to detect the Data Breach
for years, and when they did discover the Data Breach, it took them over a
year, possibly longer, to report it to the affected individuals and the states’
Attorney General.”
John Schnagl, a Morgan Stanley customer in the state of
Washington, said he was “livid” when he received notification of the potential
breach from his advisor and then by mail, primarily because of the delay
between the firm’s discovery of the events and the notices.
“I would say that the investigation they made into whether
they should be held responsible is worse than a data breach,” said Schnagl, who
has not been in contact with lawyers. “I trust my financial advisor, but Morgan
Stanley as an entity shows a lack of moral integrity and I am looking into
switching my account to somewhere else.”
A Morgan Stanley spokeswoman declined to comment on the
lawsuits, other than to repeat previous statements to the press and clients
that no harm has been discovered to date.
“We have continuously monitored the situation and have not
detected any unauthorized activity related to the matter, nor access to or
misuse of personal client data,” she said.
Lawyers at Nussbaum Law Group in New York who filed Friday’s
suit along with lawyers at Criden & Love in Miami did not respond to
requests for comment or said they do not as a matter of policy comment on
ongoing litigation. Lawyers at Morgan & Morgan in New York who filed the
earlier suit did not return requests for comment.
Under standard class-action courtroom procedures, the two
suits and others that may follow are likely to be consolidated, said several
attorneys.
Neither suit estimated the size of the potential customer
classes, but said that Morgan Stanley has identified “thousands of customers
whose PII may have been improperly accessed.”
Click
here for the original article.