Morgan Stanley says wealth management employee stole client data
Morgan Stanley (MS.N) said on Monday it had fired a financial adviser who allegedly stole account information from about 350,000 of its wealth management clients and posted some of it online.
There is no evidence that clients lost money as a result of the latest breach of customer information at a financial firm, Morgan Stanley said in a statement.
A person familiar with the matter identified the former employee as Galen Marsh, a 30-year-old financial adviser from one of Morgan Stanley's New York branches.
Marsh appeared to be looking to sell the data, which pertained to about 10 percent of Morgan Stanley's 3.5 million clients, the person said. He published information on about 900 accounts as an apparent advertisement, the person said.
Robert Gottlieb, who is representing Marsh with the law firm Gottlieb & Gordon, denied that his client posted the information online or tried to sell it. He also said Marsh is "devastated by what has occurred and is extremely sorry for his conduct."
"This is an employment matter between Mr. Marsh and Morgan Stanley," Gottlieb said. "He has acknowledged that he should not have obtained the account information and he has been cooperating fully with Morgan Stanley to protect the firm and its customers."
The bank discovered the post as part of a routine Internet sweep on Dec. 27 and quickly got the information taken down, said the person, who was not authorized to speak publicly about the matter.
Marsh did not immediately return phone calls or messages seeking comment. He joined Morgan Stanley in April 2008 as a sales assistant, entered its trainee program in 2010 and became a financial adviser in March 2014.
The leaked information included clients' names and account numbers, but not passwords or Social Security numbers. The account numbers have since been changed, and Morgan Stanley has been notifying affected clients.
Morgan Stanley's investigation into the matter is ongoing. It has referred the matter to regulators and law enforcement authorities who are conducting separate investigations.
Another person with knowledge of the matter said the FBI was looking into the alleged theft.
A spokeswoman for FINRA confirmed in an email that they were looking into the matter. The U.S. Securities and Exchange Commission did not immediately respond to requests for comment. The Manhattan District Attorney's Office and U.S. Department of Justice declined to comment.
Shortly after Morgan Stanley announced the breach in a press release, Gregory Fleming, president of the wealth management business, issued a memo that said the bank is offering affected clients additional monitoring and fraud protection services at no charge.
It was not immediately clear how Marsh was able to allegedly breach compliance protocol to steal client information and post it on the Web.
The person familiar with the matter said Marsh used an external application to post the data online. Morgan Stanley has since restricted employee access to that application.