An employee of Morgan Stanley, an international financial services company, has been terminated for stealing information on over 350,000 clients. According to The New York Times, the employee was identified as a 30 year-old Galen Marsh.
What tipped off Morgan Stanley, according to The New York Times, was when a “posting [appeared] on the information-sharing site offered a teaser of actual records from 1,200 accounts, and provided a link for people interested in purchasing more.” The rest of the data was offered for sale by paying with Speedcoins.
After discovering the leak on December 27, 2014, the bank started investigating the matter. The very same day, the offer disappeared from the online marketplace. Morgan Stanley traced the leak within a short period of time to Galen Marsh and terminated him. According to the bank, Marsh stole data on about 10% of the 3.5 mil. clients. Marsh is currently being investigated by the Federal Bureau of Investigation and the Financial Industry Regulatory Authority.
“Rich people have money hackers want to steal and a list of them would be something you can sell,” says Jonathan Sander of STEALTHbits Technologies. “The interesting part of Morgan Stanley’s announcement is they have figured out its good press to say “we found a problem and eliminated it right away” instead of hiding it until someone else tells the news. Talking openly about the fact that insiders can breach security but diligence can catch them and fix it is good for Morgan Stanley and the information security world as a whole.”