New Hampshire: Morgan Stanley notifies AG of data breach
Morgan Stanley & Co LLC notified, on 2 July 2021, the New Hampshire Attorney General ('AG') of a data breach involving the unauthorised access to personal data of their corporate clients. In particular, Morgan outlined that they were notified on 20 May 2021 by Guidehouse, a vendor that provides account maintenance services to Morgan's StockPlan Connect business, that it had suffered an information security incident. In addition, Morgan noted that although the files in Guidehouse's possession were encrypted, they were told by Guidehouse that the unauthorised individual was able to obtain the decryption key during the security incident, due to the Accellion FTA vulnerability. Furthermore, Morgan outlined that the files obtained from the vendor included the following participant information: name; address (last known address); date of birth; Social Security number (if the participant had one); and corporate company name, these files did not contain passwords that could be used to access financial accounts. Lastly, Morgan noted that 108 New Hampshire residents were affected and that Guidehouse has arranged with Experian to provide any potentially affected New Hampshire residents with credit monitoring services for 24 months at no charge to them.
You can read the notification here.