Morgan Stanley Smith Barney is warning 34,000 of its investors to be on alert after CD-ROMs carrying their personal data disappeared when they were mailed to a state government office.
The data breach occurred after Morgan Stanley mailed two CD-ROMs that had information on investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. The CD-ROM package reached the New York State Department of Taxation and Finance, but the discs had vanished by the time they were delivered to the recipient they were addressed to.
From its investigation, the New York Department of Taxation and Finance cannot tell if the discs were lost in transit or at their office, department spokesperson Susan Burns said.
The CD-ROMs were password protected, but not encrypted, which means that the clients’ information including names, addresses, account identification numbers, tax identification numbers and income earned from investments in 2010 could be compromised. Some of those investors’ social security numbers could also be exposed.
“There’s no evidence that there was any criminal intent here, or actual misuse of this information,” Morgan Stanley Spokesman Jim Wiggins told Credit.com, which first reported the story.
Wiggins confirmed Credit.com’s report by phone on Wednesday. A message left for the New York State Department of Taxation and Finance was not immediately returned.
The New York State Department of Taxation and Finance first reported the loss to Morgan Stanley on June 8. Morgan Stanley subsequently sent letters to the investors affected on June 24 following a thorough search for the CD-ROMs.
Morgan Stanley has sent two different letters to its clients, Credit.com reports. One urges them to be vigilant about checking their financial statements for potential discrepancies. The other, directed at the investors whose Social Security numbers could have been compromised, tells them to contact the Federal Trade Commission and offers free enrollment with credit monitoring firm Experian for one year.