Posted on behalf of Arnold Law Firm
on July 12, 2021 in Data Breach Updated on February 24, 2022
NOTICE:If you are a current or former Morgan Stanley StockPlan Connect business account holder, current or former StockPlan participant, or current or former StockPlan Shareholder and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options.
On May 20, 2021 Morgan Stanley was notified by Guidehouse, a vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business, that it had suffered a data breach. Guidehouse advised Morgan Stanley that data it maintained for Morgan Stanley had been accessed through the Accellion FTA vulnerability. Although the files in Guidehouse’s possession were encrypted, the unauthorized party was able to obtain the decryption key during the data breach.
Morgan Stanley reviewed Guidehouse’s remediation of the data breach. According to Guidehouse, the Accellion FTA vulnerability that led to this data breach was patched in January 2021, within 5 days of the patch becoming available. Although the data was obtained by the unauthorized individual around that time, the vendor did not discover the attack until March of 2021, and did not discover the impact to Morgan Stanley until May 2021.
On July 2, 2021, Morgan Stanley reported to the California Attorney General’s office that on January 20, 2021, an unauthorized party accessed Morgan Stanley’s vendors’ server, containing encrypted files from Morgan Stanley. The attack was successful through a vulnerability in the vendor’s server, Accellion FTA. While the exposure was patched within five days, the unauthorized party accessed the encrypted files along with the decryptor.
WHAT INFORMATION WAS INVOLVED?
On July 2, 2021, Morgan Stanley began to send out four versions of the data breach letter to affected individuals notifying them of the Data Breach. Together, the letters include the following exposed data:
First and Last names
Addresses
Dates of Birth
Social Security numbers
Corporate Company names
Morgan Stanley has engaged credit firm, Experian to offer free credit monitoring services for 24 months for those affected by the data breach.
According to Morgan Stanley, they are still assessing the extent of the attack and will be providing affected individuals with a data breach letter. At this time, it is unclear how many letters are expected to go out.
NOTICE: If you are a current or former Morgan Stanley StockPlan Connect business account holder, current or former StockPlan participant, or current or former StockPlan Shareholder and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options.
Thank you to the Staff at Arnold Law Firm! This was my 3rd time using their services for different needs. Each time has been a smooth, honest and professional experience. They have provided me with guidance & consulting services to reach a positive outcome. Each time I have been pleasantly surprised! Thank you Arnold Law Firm! 🤗
A very special Thank You to Sal, Dominic & Jeff! 🤗🤗🤗
They always keep me up to date on my case. I also felt it was done in a timely manner!
Arnold Law firm provided me with an amazing experience. They were super communicative and assisted me with any needs or questions that I had during my journey to recovery and through financial hardship due to my car accident. I was hit by an uninsured motorist and would have been completely overwhelmed by all of the bills, paperwork, insurance nuances, and legal action needed. Jesus Garcia was an absolute pleasure to work with and I couldn’t be happier with the results.
Met with a lawyer who is taking care of my wife's potential lawsuit. He was nice and his assistant is really on top of things.I'd recommend them if you need representation. No upfront costs and reasonable expectations when suit is settled.
Excellent service.... All questions are answered promptly and thoroughly...Most of all, the knowledge and expertise are outstanding.