The Wall Street bank Morgan Stanley has agreed to pay $60m to settle a lawsuit filed by customers who say the firm's poor security practices left their personal data at risk.
A preliminary settlement of the class action lawsuit was recently filed in Manhattan federal court, though it still requires approval by US District Judge Analisa Torres, according to a new report from Reuters.
If approved, the proposal would provide at least two years of identity theft protection for the 15m customers affected by two separate security breaches. They will also be able to apply for reimbursement of up to $10k in out-of-pocket losses.
According to Morgan Stanley's settlement, the company denies any wrongdoing, though in the time since the two incidents occurred, it has made “substantial” upgrades to its data security practices.
In their class action lawsuit, current and former Morgan Stanley customers accused the bank of failing to properly wipe decommissioned equipment from two data centers containing unencrypted customer data back in 2016 before it was resold to unauthorized third parties.
Additionally, the lawsuit says that several older servers which also contained customer data went missing after the firm transferred them to an outside vendor back in 2019. However, Morgan Stanley was later able to recover the servers in question, according to court papers.
Back in October of 2020, Morgan Stanley agreed to pay a $60m civil fine to resolve accusations by the US Office of the Comptroller of the Currency that its information security practices were unsafe or unsound.
In a recent email, the firm said that it had notified all affected customers and that it was pleased to finally settle the class action lawsuit against it.
Via Reuters