The bank has twice failed to retire some of its outdated IT systems, resulting in the exposure of its customer’s personal data

NS5865_Office_building_on_Waterloo_Street

Offices of Morgan Stanley in Glasgow, Scotland. (Credit: Thomas Nugent/Wikipedia.)

US-based investment bank Morgan Stanley has reportedly agreed to pay $60m to resolve claims over exposing the personal data of its customers.

According to the lawsuit filed with the Manhattan federal court, the bank has twice failed to retire some of its outdated information technology, resulting in the data breach.

The class action was filed on behalf of about 15 million customers, and its preliminary settlement is subject to approval by US District Judge Analisa Torres, reported Reuters.

As part of the settlement, the customers would receive fraud insurance coverage for at least two years and are allowed to apply for reimbursement of up to $10,000 for their losses.

In 2016, Morgan Stanley has failed to decommission its two wealth management data centres, where the unencrypted equipment containing customer data was resold to unauthorised third parties.

In 2019, the investment bank lost a few older servers holding the personal data of the customers, after the bank has transferred them to an outside vendor, and were recovered them later.

According to the settlement papers, the bank denied its wrongdoing in agreeing to settle and has made substantial upgrades to its data security practices.

In October 2020, Morgan Stanley agreed to pay $60m to the US Office of the Comptroller of the Currency to resolve claims related to unsafe information security practices.

In June last year, the company entered into a strategic cloud partnership with Microsoft to advance its digital transformation in the financial services industry.

The collaboration was aimed at addressing the challenges in the financial services industry using Microsoft’s cloud services and enabling Morgan Stanley to improve its IT environment.