ABC News reported yesterday afternoon that the financial and insurance giant Morgan Stanley Smith Barney had lost the personal details of 34,000 clients. And it wasn’t just email addresses and names that had been lost; account and tax identification numbers, income earned on investments and in some cases, social security numbers.
Morgan Stanley Smith Barney had mailed two CDs containing the data to the New York State Department of Taxation and Finance. However by the time the package reached its destination, the CDs had gone. The data on the CDs was apparently protected by passwords, but not encrypted.
The State Department informed Morgan Stanley Smith Barney on the 8th June of the missing discs. After an unfruitful search, Morgan Stanley informed clients on the 24th June of the loss.
On the matter, Adam Levin commented:
“This is pretty tasty stuff for somebody. This isn’t just an identity. This is an identity attached to assets.”
Data Protection – It Starts With You
Again another news story highlights the fact that human error often plays a part in data loss. The data on these CDs should have been encrypted. Whose responsibility was that? Who was checking that, before 34,000 clients details of one of the largest financial organisations in the world were mailed across New York City, that they were encrypted? Or maybe, they just weren’t aware.
It is essential that your staff are aware of their own responsibilities in regards to data protection. At IT Governance we offer a fantastic online training course for all employees who process personal information in their daily job.
Download this course today and ensure your staff are up to speed to keeping you and your clients data, safe.