According to the bank, client names, addresses, date of birth, social security numbers, and corporate company names, were among the files stolen.
Morgan Stanley has revealed that a data breach involving a third-party vendor in January resulted in hackers gaining access to personal information, including social security numbers, of some of its corporate clients.
Guidehouse, a vendor that offers account maintenance services to Morgan Stanley’s StockPlan Connect business, notified the bank of the breach in May, according to a letter dated July 2.
According to the bank, client names, addresses, date of birth, social security numbers, and corporate company names, were among the files stolen.
The Hackers hacked the information by exploiting a vulnerability in Guidehouse’s server Accellion FTA. Within five days, the vulnerability was patched.
Despite the fact that the files were encrypted, the bank revealed that the attackers were able to gain the decryption key during the breach.
Commenting on the breach, a bank spokesperson said “We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients,”