How Safe is Your Data?

Published: March 30, 2015

By Jim Lichtman
Read More

On January 5th, I opened The New York Times and read the following: “In mid-December, a posting appeared on the Internet site Pastebin offering six million account records, including passwords and login data for clients of Morgan Stanley.

“Two weeks later, a new posting on the information-sharing site offered a teaser of actual records from 1,200 accounts, and provided a link for people interested in purchasing more…


“The offer was quickly taken down the same day, Dec. 27, after Morgan Stanley discovered the leak. In short order, the bank traced the breach to a financial advisor working out of its New York offices, a 30-year-old named Galen Marsh, according to a person involved in the investigation who spoke on the condition of anonymity.”

I immediately contacted a manager at the California office of Morgan Stanley where I have an account and a lot of questions, namely: what exactly happened, what data was taken, did this individual have access to my data and do I need to change account numbers?

She understood my questions, was aware of the breach and told me that the financial advisor, Galen Marsh, had been fired. Later, I received the following letter from Morgan Stanley.

“In late December 2014, we discovered a Morgan Stanley advisor had taken partial client account information of approximately 350,000 clients (10% of our total Wealth Management clients) and transferred it to his personal computer. Subsequently, the partial data of approximately 1,400 clients was briefly posted online in separate instances. We promptly detected the exposures and had the postings removed.

“Morgan Stanley immediately terminated the employee and referred the incident to law enforcement. Although the former employee has admitted taking the data, it’s not clear who posted it online. The former employee’s personal computer may have been hacked but Morgan Stanley’s system was not. A criminal investigation is ongoing. To date, no conclusion has been announced.

“No passwords or Social Security numbers were stolen. No client has suffered economic loss as a result of the theft. Morgan Stanley’s system was not hacked. There is no indication of any other data theft and no indication any other Morgan Stanley employees were involved.”

Regarding my question as to how a single employee could have access to so many client accounts, Morgan said that “Financial Advisors are authorized to access the data of their own clients. In this case, a former employee was able to gain unauthorized access to data in violation of our Firm’s policies and Code of Conduct. The two reports he accessed have been shut down.”

I placed a call to my Morgan Stanley broker. He assured me that the breach did not affect my accounts. If it had, he tells me that he would’ve been on the phone immediately to me. I asked him how often he undergoes compliance updates. His response, “It’s ongoing. There are a variety of compliance modules that he must complete. The training is on a weekly basis.”

At the end of the day, it’s about trust – trusting my own advisor and the people that work in his group, and the best way to assure that trust is by having ongoing conversations. In the entire time I have been with my financial advisors, there has never been a time when they were not available to answer any and all questions, or refer me to the individual that could.

As cyber attacks become more prevalent, it’s incumbent on all of us to be alert and question all individuals we trust with our information – financial, medical and personal.


  1. Excellent essay. Thank you Jim. I recently became concerned about the same issue…Identification hacking, as it had occurred at Target and even Anthem Blue Cross and the Morgan Stanley of your story.

    Following the advertisements, I went online to “Life-Lock” and started the application, endorsed by the gurus of radio and TV with a 10% discount using their names. I discovered that EVERY SINGLE ASPECT of my finance, from social security number to bank account numbers to mortgage number to VA payments to car-loans and even CD numbers were required, and in frozen FEAR, backed out. “What”, I thought, “would prevent some Life-Lock employee from taking MY sensitive data and hacking me from Inside?”

    And a neighbor, with “LL ultimate plan,” leased an automobile three months ago and LL NEVER contacted him to ask if it was “really his.” Googling LL “complaints” comes up with similar scenarios of non-contact for big purchases, but to be fair, NOT one hacking from inside. Yet.

    I have NOT been able to find any attorney, CPA or other financially-educated individual who can give me a solid answer.

    I believe this: Have ONE credit card and check your statement. If fraud, you are covered. Shred anything with your numbers, accounts and balances, and, as one friend told me, “I always put a phony social number on a doctor acquaintance sheet.” (But Linda, they copied your Medicare card…that’s the social.) Hey Jim….people need to be ALERT. Thanks for the tip and advice.

Leave a Comment

Read More Articles
The Latest... And Sometimes Greatest
Principle Before Party
“Duty is ours. Results are God’s.”—John Quincy Adams In 1806, after a series of attacks by Britain on American ships carrying goods, Massachusetts Senator John...
April 23, 2024
We Need the Strength of Heroes
The Date: September 28, 1955 The Place: Yankee Stadium The Event: Dodgers/Yankees, Game 1 of the 1955 World Series Every baseball fan has seen the...
April 19, 2024
A Time of Troubles, A Time of Opportunities
It’s getting harder and harder to see the light at the end of a dark, relentless tunnel of anger and war at home and abroad....
April 16, 2024
Conscience of the Senate
Continued from Tuesday’s commentary, I offer two Senate leaders from the past. Tuesday, I spoke of the integrity of Republican John Williams. Today, I offer...
April 12, 2024
A Long Time Ago in a Washington Far, Far Away. . .
. . . two U.S. Senators, one Republican, one Democrat, showed us the meaning of duty and character. Republican John Williams, a chicken farmer and...
April 9, 2024
This is The America I Know
We Americans have many grave problems to solve, many threatening evils to fight, and many deeds to do, if, as we hope and believe, we...
April 5, 2024