Thursday, July 7, 2011

Morgan Stanley Data Breach Hits Investors

Mcken's Comment: Morgan Stanley has lost 2 CDs holding the personal information of 34,000 clients. The information includes clients' names, addresses, account and tax identification numbers, the income earned on the investments in 2010, and for some clients Social Security numbers. Morgan Stanley's letter said: "The data was saved on two CD-ROMs that were protected by passwords, according to the letters, but the CDs were not encrypted".
No encryption, but protected by password! What does it mean? Password protection on a CD without encryption? I can only translate it as: no encryption, and the data is on the CD in the clear, waiting for someone to look at it.
This news seems to suggest that they do not even understand whether anything is protecting the CD. "Protected by password" means nothing unless the password is associated with a system that protects the content. If they used a password-protected ZIP, then we can say it is encrypted. But in the text, there is no context for what that password is for! I expect Morgan Stanley to do better at explaining what happened and what kind of protection, if any, exists on those CDs.
There are two sources:

[07/05/2011] Personal information belonging to 34,000 investment clients of Morgan Stanley Smith Barney has been lost, and possibly stolen, in a data breach. According to two letters sent to clients, and obtained by Credit.com, the information includes clients’ names, addresses, account and tax identification numbers, the income earned on the investments in 2010, and—for some clients—Social Security numbers.
The data was saved on two CD-ROMs that were protected by passwords, according to the letters, but the CDs were not encrypted.

http://www.credit.com/blog/2011/07/morgan-stanley-data-breach-hits-investors/
