Hacks continue to evolve as the hackers themselves get increasingly sophisticated. One of the most recent victims is investment banking giant Morgan Stanley. Their network was breached after the attackers stole personal information belonging to their customers by hacking into an Accellion FTA server belonging to a third-party vendor, then using that information to breach Morgan Stanley's network.
The third-party vendor in question, Guidehouse, provides account maintenance service to Morgan Stanley. They notified the banking giant back in May that they had been breached and that some information belonging to Morgan Stanley customers had been compromised.
At this time it is unclear just how many of Morgan Stanley's customers have been impacted, but the company is in the process of reaching out to all who were impacted to let them know. Although the company has not indicated as much, it's fairly standard practice for firms to offer 1-2 years of credit protection to customers who have had their data compromised. Odds are excellent that this will be the case here. Although again, that has not been confirmed at this point.
In any case, this is a serious breach, regardless of scope and scale, because the hackers were able to make off with both encrypted files and the decryption key to unlock them.
The stolen data includes:
- Stock plan participants' name
- Physical address
- Date of birth
- Social security number
- And company name, where applicable
In other words, more than enough information to steal an individual's identity.
If you bank with Morgan Stanley, be on the lookout for a letter from the company and watch your credit statements like a hawk. If you want to take a more proactive stance, give them a call to verify whether or not you are among the impacted users.