back to article Morgan Stanley hit with $60m penalty for failing to properly decommission old kit hosting 'wealth management' data

Banking giant Morgan Stanley has been ordered to pay a $60m civil penalty over allegations it failed to properly decommission hardware from two of its US data centres in 2016. The servers belonged to Morgan Stanley's wealth management business. According to the penalty order [PDF] from the snappily named Office of the …

  1. alain williams Silver badge

    ISO 9000

    I'll wager that Morgan Stanley is ISO 9000 "compliant", but this is often a box ticking exercise that means jack all if nobody bothers -- except when it is certification time.

    1. veti Silver badge

      Re: ISO 9000

      ISO9000 is about controlling your procedures. No one ever claimed it could guarantee that those procedures were legally compliant. That's management's job.

      1. Anonymous Coward
        Anonymous Coward

        Re: ISO 9000

        Sounds like the only useful thing there is management.

        Auditors and regulatory. Making management look good.

        Management.

  2. Aristotles slow and dimwitted horse

    I know the real answer, but I have to ask...

    No admission of any liability, but a $60m civil penalty nonetheless...

    How dat work den?

    1. MiguelC Silver badge

      Re: I know the real answer, but I have to ask...

      In America, you pay to have a clean sheet.

      It's just a modern form of indulgence...

      1. sanmigueelbeer

        Re: I know the real answer, but I have to ask...

        In America, you pay to have a clean sheet your sh1t cleaned.

        There, FTFY.

    2. a_yank_lurker

      Re: I know the real answer, but I have to ask...

      Agree to massive fine to avoid a trial and a verdict with a worse fine and sentence. As part of the settlement the defendant does not have to admit guilt officially; they technically were never found guilty by a court. But the size of the fine means they thought fighting it would lead to a conviction, essentially admitting guilt but not having the legal stigma of a guilty verdict.

  3. Zippy´s Sausage Factory
    Devil

    I once bought a CP/M 2.2 machine with an 80 MB hard disk and an entire company's records on it. Still worked fine and appeared to have been in use about a couple of weeks before when the company went bust.

    This, I should add, was in 2010.

    No idea what happened to it sadly, it was a beautiful piece of kit...

    1. TaabuTheCat

      Best I ever did was in the 90s dot-com bust. Picked up a storage array that turned out to be from a defunct streaming service that had about 200,000 MP3 files on it, from all different genres and time periods. Sure expanded my collection of music quickly!

      1. David 132 Silver badge
        Happy

        Pfft, OK boomer, actually having copies of your music is SO last decade. All the cool kids now stream, for a small recurring fee in perpetuity.

        But seriously though. I hate you :)

        I can only hope it was 200,000 versions of the Macarena...

        all different genres and time periods

        ...”Macarena as Waltz.mp3”, “Macarena (Renaissance Lute Remix).mp3”, “Billy Bob an’ his Good Ole Bluegrass Boys Play Macarena.mp3”?

        1. veti Silver badge

          I want to hear the bluegrass Macarena now.

          1. bombastic bob Silver badge
            Trollface

            I want to hear the bluegrass Macarena now.

            KPOP version?

          2. AW-S

            Does this from The Groove Grass Boyz come close? https://www.youtube.com/watch?v=n1MPnjdmgD4

  4. Eclectic Man Silver badge

    Rich people's money

    The $60million fine was presumably because it was personal financial details of RICH PEOPLE that were at risk. Had it been plebs' data they would have been let off with a mild slap on the wrist.

    1. Mister Dubious
      Flame

      Re: Rich people's money

      [...] a mild slap on the wrist.

      $60 million *is* a mild slap on the wrist to Morgan Stanley. In 2019 they had revenue of $38.9 BILLION, so they'll recoup it in just over half a day -- 13:30, if my math's right. A little more than a rounding error, I guess, but less than a Punishment.

      1. This post has been deleted by its author

        1. Aitor 1

          Re: Rich people's money

          I disagree, punishment should be proportional to the crime, not how much money the government can make.

          1. lglethal Silver badge
            Go

            Re: Rich people's money

            Actually you're both right.

            Earnings based fines have been shown to be far more ethical, and have the same deterrent effect on the rich and the poor (Sweden for one has an earnings based speeding fines meaning a rich person caught speeding pays a significantly higher monetary fine than a poor person commiting the same speeding offense, but both people losing a weeks pay hurts (almost) equally, and has a similar deterrent.

            However, the punishment applied should absolutely be proportional to the crime committed.

          2. veti Silver badge

            Re: Rich people's money

            "In its majestic equality, the law forbids rich and poor alike to sleep under bridges, beg in the streets and steal loaves of bread."

            A fine based on the culprit's ability to pay is matching the crime. MS isn't some struggling startup, they've been doing this for generations. What's their excuse, exactly?

          3. sabroni Silver badge

            Re: punishment should be proportional to the crime

            The purpose of the fine is to act as a detterent. If the figure is insignificant to the offender then it won't deter them at all. Besides which, if the fine is "A weeks money" that's perfectly proprotional.

  5. NiceCuppaTea

    I guess a few grand for their own hard disk shredder is looking more like a wise investment now then. No subconractor, no problem. A PFY writing down serial numbers and chucking disks into a muncher is cheap by comparison eh?

  6. Anonymous Coward
    Anonymous Coward

    Wealth Management

    Aka tax avoidance or even evasion schemes. (Which given the hoops jumped through for many avoidance schemes probably just means evasion but they can tie you in knots long enough that it is just accepted as legal)

  7. Anonymous Coward
    Anonymous Coward

    ETrade

    Etrade have just revealed they are partnering with MS so this doesn't instill confidence.

    "As of October 2, 2020, E*TRADE has joined forces with Morgan Stanley, a leading wealth management and investment banking firm. As a result of this transaction, we've updated our Consumer Privacy Notice to include Morgan Stanley as an affiliate and to permit the inter-affiliate sharing of creditworthiness data for everyday business purposes.

    We are required to provide you with this updated Privacy Notice for your E*TRADE account, as federal law requires us to tell you how we collect, share, and protect your personal information, as well as how you can opt out of certain types of sharing.”

  8. ForthIsNotDead
    Stop

    Eh?

    "Morgan Stanley's fine relates to a lack of compliance with the Code of Federal Regulations, Part 30, Appendix B, "Interagency Guidelines Establishing Information Security Standards." These security rules specifically relate to guidelines about the "proper disposal" of banking customers' information."

    So... Are they rules, or are they guidelines?

  9. James Fox

    Scratches Head

    "Office of the Comptroller of the Currency". Comptroller?

  10. Doogie Howser MD

    "Morgan Stanley, which does not admit liability"

    Wankers. Of course they're fucking liable (though maybe not in the jaundiced eye of the law).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like