This post was originally published on this site
https://i-invdn-com.investing.com/trkd-images/LYNXNPEH670VN_L.jpgThe bank was notified of the breach in May by Guidehouse, a vendor that provides account maintenance services to Morgan Stanley (NYSE:MS)’s StockPlan Connect business, it said in a letter dated July 2.
Files stolen included client names, addresses, date of birth, social security numbers and corporate company names, the bank said.
Attackers gained access to the information by exploiting a vulnerability in Guidehouse’s server Accellion FTA. The vulnerability was patched within five days.
Although the files were encrypted, the attackers were able to obtain the decryption key during the breach, the bank said.
“We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients,” a bank spokesperson said.
The hack, reported earlier by technology news portal Bleeping Computer, was discovered in March by Guidehouse and its impact on Morgan Stanley was found in May, the letter said.