Posted on behalf of Arnold Law Firm
on July 12, 2021 in Data Breach Updated on February 24, 2022
NOTICE:If you are a current or former Morgan Stanley StockPlan Connect business account holder, current or former StockPlan participant, or current or former StockPlan Shareholder and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options.
On May 20, 2021 Morgan Stanley was notified by Guidehouse, a vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business, that it had suffered a data breach. Guidehouse advised Morgan Stanley that data it maintained for Morgan Stanley had been accessed through the Accellion FTA vulnerability. Although the files in Guidehouse’s possession were encrypted, the unauthorized party was able to obtain the decryption key during the data breach.
Morgan Stanley reviewed Guidehouse’s remediation of the data breach. According to Guidehouse, the Accellion FTA vulnerability that led to this data breach was patched in January 2021, within 5 days of the patch becoming available. Although the data was obtained by the unauthorized individual around that time, the vendor did not discover the attack until March of 2021, and did not discover the impact to Morgan Stanley until May 2021.
On July 2, 2021, Morgan Stanley reported to the California Attorney General’s office that on January 20, 2021, an unauthorized party accessed Morgan Stanley’s vendors’ server, containing encrypted files from Morgan Stanley. The attack was successful through a vulnerability in the vendor’s server, Accellion FTA. While the exposure was patched within five days, the unauthorized party accessed the encrypted files along with the decryptor.
WHAT INFORMATION WAS INVOLVED?
On July 2, 2021, Morgan Stanley began to send out four versions of the data breach letter to affected individuals notifying them of the Data Breach. Together, the letters include the following exposed data:
First and Last names
Addresses
Dates of Birth
Social Security numbers
Corporate Company names
Morgan Stanley has engaged credit firm, Experian to offer free credit monitoring services for 24 months for those affected by the data breach.
According to Morgan Stanley, they are still assessing the extent of the attack and will be providing affected individuals with a data breach letter. At this time, it is unclear how many letters are expected to go out.
NOTICE: If you are a current or former Morgan Stanley StockPlan Connect business account holder, current or former StockPlan participant, or current or former StockPlan Shareholder and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options.
The whole team has fought for me for over three years. They are very smart and dedicated to their work. They have gone above and beyond for me throughout my whole case. I Highly recommend them for any legal work. If it wasn’t for them, I would not be in the United States Air Force today!
Excellent representation! Very professional and efficient. Stephanie is especially responsive, available and kept me informed throughout process.
They are the best. Never had any problems.
A law suit isn’t easy, finding a good lawyer is hard, and the process can be long. With everything being said, it’s nice to have a team that truly cares, goes above and beyond for you/your case, and works in your best interest. Even the woman that work at the front desk are extremely welcoming and incredibly sweet. So if you’re looking for a lawyer, call Arnold Law Firm. You won’t be disappointed.Thank you Joshua, Anna, the rest of the team, and Arnold Law Firm for being incredible! Like I said, I couldn’t be more grateful for the hard work and care you have put into my case.
I would highly recommend Arnold Law Firm, especially George Chryssafis. He did an excellent job.