In September 2022, financial giant Morgan Stanley agreed to a $35 million settlement for failing to protect the personal identifying information (PII) of approximately 15 million customers over a five-year period. 

The Morgan Stanley data breaches, along with other recent data breaches among large retailers, are a chilling warning of what could happen for businesses who don’t properly dispose of electronics and personal data. These IT asset disposition errors made by Morgan Stanley bring to light the importance of protecting your business from similarly costly mistakes by partnering with a certified electronics recycler. 

Morgan Stanley: What Went Wrong

In what the U.S. Securities and Exchange Commission (SEC) called a series of “astonishing” failures, Morgan Stanley improperly disposed of IT assets and didn’t adequately safeguard the private financial information of its many clients. According to the SEC, these major data breach mistakes occurred on many occasions over a period of several years. 

Among the many infractions cited by the SEC, Morgan Stanley hard drives containing sensitive PII were actually auctioned off online. On multiple occasions, Morgan Stanley hired—and failed to supervise—a moving and storage company with “no experience or expertise in data destruction services” to destroy hard drives and servers containing customer data. That moving company sold thousands of devices containing unencrypted PII to a third party, who then resold the devices via an internet auction website. Each device is estimated to contain thousands of unprotected data pieces, and unfortunately, a majority still remain unrecovered.

The SEC investigation also found that Morgan Stanley did not properly dispose of retired IT assets after launching a company-wide hardware refresh program at local and branch offices. Records uncovered by the SEC showed that as many as 42 servers containing consumer report information were missing. Moreover, the SEC discovered that the decommissioned local devices did not have encryption software activated, despite each device being equipped with encryption capabilities for years.

What We Can Learn from Morgan Stanley’s IT Asset Disposition Errors

The SEC’s $35 million fine sent a clear message to financial businesses and other businesses entrusted with protecting sensitive customer and brand data: Don’t cut corners when it comes to disposing of IT assets and destroying data

Whereas in the case of Morgan Stanley, an unsupervised third party was able to save and resell spent electronics, businesses who choose to use certified electronics recyclers take advantage of the benefit of a fully supervised and trackable process. Depending on the sensitivity of the data, electronics and hard drives can be fully sanitized or shredded via an electronics recycler. For sensitive PII such as highly secure data related to finance, health care, or national security – industrial shredding offers peace of mind that data can’t be rebuilt or accessed.

Using an official electronics recycler—versus a trash removal or moving company—also offers an auditable trail to track each step of the process. This would have saved Morgan Stanley valuable time and costs lost in efforts to aid the SEC in their investigation. As yet another step to prove that sensitive data in your electronics were responsibly destroyed, certified electronics recyclers will include data destruction certificates of authenticity. If Morgan Stanley had similar proof of destruction, they likely could have avoided the headaches and financial fees it eventually incurred. 

By partnering with an established electronics recycler to remove old computers and hard drives, Morgan Stanley could have avoided many of its costly errors. These data experts are trained in and use the latest in classified-asset sanitization and destruction, so you can rest assured your customer’s data is fully protected. By hiring companies like Global Electronics Recycling, you ensure your spent IT assets and data will be responsibly protected and recycled. 

contact us

Read More:

What to Learn from the Latest E Waste Disposal Failures

The Answers to Your Questions about Hard Drive Shredding

Secure IT Asset Disposition Services: Why Walmart is in Trouble

Read More