NEW YORK—Morgan Stanley has agreed to pay $60-million as fine to settle a lawsuit by its customers that alleged the investment bank had failed twice to correctly rescind some of its outdated information technology that exposed customers’ personal data.
The proposed preliminary settlement of the class action was filed at a Manhattan federal court on Dec 31, 2021, on behalf of nearly 15 million customers. Nonetheless, the same needs to be approved by the U.S. District Judge Analisa Torres, according to Reuters.
According to the report, customers lodged complaints against Morgan Stanley for its failure to retire two wealth management data centers in 2016 before the unencrypted equipment was resold to illegitimate third parties. The customers alleged the equipment was sold when it still possessed customer data, thus, leading to their vital personal information to be revealed, the report adds.
Servers Go Missing
The plaintiffs further claimed some older servers that contained their data had gone missing after the bank moved the same in 2019 to an outside vendor. Court papers showed that Morgan Stanley recovered the servers later, Reuters reported.
As part of the settlement, each customer can apply for an indemnification of up to $10,000 in out-of-pocket losses. Additionally, they will receive at least two years of fraud insurance coverage, Reuters added.
While Morgan Stanley has agreed to resolve the case via a settlement, the investment bank reportedly denied any wrongdoing, according to Reuters. In the settlement documents, it was added that Morgan Stanley made “substantial” upgrades to its data security practices, the report stated.
In October 2020, Morgan Stanley had agreed to pay a civil fine worth $60 million to settle allegations by the U.S. Office of the Comptroller of the Currency regarding its unsafe data security practices in addition to the mentioned incidents, Nasdaq noted.