Goldenberg Schneider is currently investigating a recent cyberattack and data breach involving Morgan Stanley and its third-party vendor, Accellion (the “Data Breach”), which held in its possession certain personally identifiable information (“PII”) of thousands of Morgan Stanley customers. The PII compromised in the Data Breach included highly sensitive information including names, addresses, dates of birth, Social Security numbers, and affiliated corporate company names.
Morgan Stanley became the latest known casualty of hackers exploiting a series of vulnerabilities in the Accellion File Transfer Application (“FTA”), a widely used third-party file-transfer service. Morgan Stanley used the File Transfer Appliance as an alternative to email for sending large data files. Instead of receiving an attachment, email recipients get links to files hosted on the FTA, which can then be downloaded. Although the product is almost 20 years old and Accellion has been warning its clients to transition to a newer, more secure product, the legacy FTA is still used by hundreds of organizations in the finance, government, and insurance sectors. Unknown hackers are believed to have exploited vulnerabilities in the FTA to install a web shell that gave them a text-based interface to install malware and issue other commands on compromised networks. Many of the hacked organizations later received extortion demands threatening to publish stolen data on a dark web site unless they paid a ransom.
If you or anyone you know is a Morgan Stanley customer affected by the Data Breach and would like additional information about your legal rights, we would be pleased to discuss the matter with you. You can contact the attorneys at Goldenberg Schneider, LPA, by calling 513-982-1569 or sending an email to [email protected].