Posted on behalf of Arnold Law Firm
on July 12, 2021 in Data Breach Updated on February 24, 2022
NOTICE:If you are a current or former Morgan Stanley StockPlan Connect business account holder, current or former StockPlan participant, or current or former StockPlan Shareholder and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options.
On May 20, 2021 Morgan Stanley was notified by Guidehouse, a vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business, that it had suffered a data breach. Guidehouse advised Morgan Stanley that data it maintained for Morgan Stanley had been accessed through the Accellion FTA vulnerability. Although the files in Guidehouse’s possession were encrypted, the unauthorized party was able to obtain the decryption key during the data breach.
Morgan Stanley reviewed Guidehouse’s remediation of the data breach. According to Guidehouse, the Accellion FTA vulnerability that led to this data breach was patched in January 2021, within 5 days of the patch becoming available. Although the data was obtained by the unauthorized individual around that time, the vendor did not discover the attack until March of 2021, and did not discover the impact to Morgan Stanley until May 2021.
On July 2, 2021, Morgan Stanley reported to the California Attorney General’s office that on January 20, 2021, an unauthorized party accessed Morgan Stanley’s vendors’ server, containing encrypted files from Morgan Stanley. The attack was successful through a vulnerability in the vendor’s server, Accellion FTA. While the exposure was patched within five days, the unauthorized party accessed the encrypted files along with the decryptor.
WHAT INFORMATION WAS INVOLVED?
On July 2, 2021, Morgan Stanley began to send out four versions of the data breach letter to affected individuals notifying them of the Data Breach. Together, the letters include the following exposed data:
First and Last names
Addresses
Dates of Birth
Social Security numbers
Corporate Company names
Morgan Stanley has engaged credit firm, Experian to offer free credit monitoring services for 24 months for those affected by the data breach.
According to Morgan Stanley, they are still assessing the extent of the attack and will be providing affected individuals with a data breach letter. At this time, it is unclear how many letters are expected to go out.
NOTICE: If you are a current or former Morgan Stanley StockPlan Connect business account holder, current or former StockPlan participant, or current or former StockPlan Shareholder and received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options.
Mahul did a really good job. His been very helpful and was able to meet the client's need. His turn time was quick and very reliable. I am happy with the outcome. :)Happy client. I recommend Mahul and the team for the job well done.
I spoke to Stephanie regarding a possible case. It wasn't something they could take but she was very knowledgeable and helped send me in the right direction.
Truly great people. A great team and amazing effort. They moved very fast with my case and made sure I was alert every step of the way. They are also very welcoming and very comforting in hard times. I would strongly recommend this firm.
I want to sing praise for Mrs Frances Siria @ Arnold Law Firm. She is an amazing asset to your company, very professional and such a pleasure to have worked with…..
I can’t say enough about Mrs. Siria 😃
If I could give 6 ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ I would!
I love my Team Tony! Joy and Larisa are the absolute best! They've helped me emotionally and physically, and they were always there for me when I needed someone to talk to. They definitely walked me through my problems and helped me understand everything every step of the way. I would 100% recommend them!!! Tony has the best support that I could have ever asked for. They are kind, extremely knowledgeable, and approachable. I could not thank them enough! Please give them a try.