14 DAY TRIAL // Morgan Stanley notified around 34,000 of its investment clients that their personal information has potentially been exposed after two CDs went missing.
The CDs were lost by the New York State Department of Taxation and Finance after receiving them from Morgan Stanley.
The package reached the department intact, but when it arrived at the final recipient, the CDs were missing.
The data contained on the two CD-ROMs included names, addresses, account and tax identification numbers, income earned from investments in 2010, and in some cases Social Security numbers.
The information was password protected, but not encrypted, which makes it susceptible to brute force attacks.
"There’s no evidence that there was any criminal intent here, or actual misuse of this information," Morgan Stanley spokesman Jim Wiggins told Credit.com.
Referring to the lack of encryption, the official said that the company is going to work with the state in order to improve its data transmission procedures.
Morgan Stanley offered investors whose Social Security or tax identification numbers were compromised a free one-year subscription with a credit monitoring service offered by Experian.
The fact that the information belongs to investors makes it more valuable for fraudsters, as those exposed identities are almost surely tied to important assets.
All individuals affected by this incident are advised to monitor their credit reports for suspicious activity and notify the relevant authorities if any is detected. Everyone is entitled to one free credit report per year from each of the three credit reporting agencies.
Losing sensitive data on CDs, USB sticks and other storage devices is pretty common. That's why encrypting the information before transporting it is critically important, especially when dealing with other people's personal and financial details.