Morgan Stanley says some corporate client info was stolen in data breach

This post was originally published on this site

https://i-invdn-com.investing.com/trkd-images/LYNXNPEH670VN_L.jpg

The bank was notified of the breach in May by Guidehouse, a vendor that provides account maintenance services to Morgan Stanley (NYSE:MS)’s StockPlan Connect business, it said in a letter dated July 2.

Files stolen included client names, addresses, date of birth, social security numbers and corporate company names, the bank said.

Attackers gained access to the information by exploiting a vulnerability in Guidehouse’s server Accellion FTA. The vulnerability was patched within five days.

Although the files were encrypted, the attackers were able to obtain the decryption key during the breach, the bank said.

“We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients,” a bank spokesperson said.

The hack, reported earlier by technology news portal Bleeping Computer, was discovered in March by Guidehouse and its impact on Morgan Stanley was found in May, the letter said.