Bleeping Computer: Morgan Stanley Reports Data Breach After Vendor Accellion Hack - By Sergiu Gatlan - July 8, 2021
Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.
Morgan Stanley is a leading global financial services firm providing investment banking, securities, wealth and investment management services worldwide.
The American multinational company's clients include corporations, governments, institutions, and individuals in more than 41 countries.
Encrypted files stolen together with decryption key
Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, notified the investment banking company in May 2021 that attackers hacked its Accellion FTA server to steal information belonging to Morgan Stanley stock plan participants.
The Guidehouse server was breached by exploiting an Accellion FTA vulnerability in January before the vendor patched it within five days of the fix becoming available.
Guidehouse discovered the breach in March and the impact to Morgan Stanley customers in May, when it notified the financial services company of the incident and that no evidence was found of the stolen data being disseminated online by the threat actors.
“There was no data security breach of any Morgan Stanley applications,” Morgan Stanley said in data breach notification letters sent to impacted individuals.
“The incident involves files which were in Guidehouse’s possession, including encrypted files from Morgan Stanley.”
However, even though the stolen files were stored in encrypted form on the compromised Guidehouse Accellion FTA server, the threat actors also obtained the decryption key during the attack.
Morgan Stanley says that the documents stolen during this incident contained:
• Stock plan participants' names
• Addresses (last known address)
• Dates of birth
• Social security numbers
• Corporate company names...
Read More:
Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.
Morgan Stanley is a leading global financial services firm providing investment banking, securities, wealth and investment management services worldwide.
The American multinational company's clients include corporations, governments, institutions, and individuals in more than 41 countries.
Encrypted files stolen together with decryption key
Guidehouse, a third-party vendor that provides account maintenance services to Morgan Stanley's StockPlan Connect business, notified the investment banking company in May 2021 that attackers hacked its Accellion FTA server to steal information belonging to Morgan Stanley stock plan participants.
The Guidehouse server was breached by exploiting an Accellion FTA vulnerability in January before the vendor patched it within five days of the fix becoming available.
Guidehouse discovered the breach in March and the impact to Morgan Stanley customers in May, when it notified the financial services company of the incident and that no evidence was found of the stolen data being disseminated online by the threat actors.
“There was no data security breach of any Morgan Stanley applications,” Morgan Stanley said in data breach notification letters sent to impacted individuals.
“The incident involves files which were in Guidehouse’s possession, including encrypted files from Morgan Stanley.”
However, even though the stolen files were stored in encrypted form on the compromised Guidehouse Accellion FTA server, the threat actors also obtained the decryption key during the attack.
Morgan Stanley says that the documents stolen during this incident contained:
• Stock plan participants' names
• Addresses (last known address)
• Dates of birth
• Social security numbers
• Corporate company names...
Read More:
Zaloguj
lub
Zarejestruj się
aby zobaczyć!
