Morgan Stanley faces data breach, corporate client info stol...

WASHINGTON, July 9 -- Morgan Stanley has disclosed that personal data of some of its corporate clients was stolen in January in a data breach that involved a third-party vendor and hackers accessed information, including social security numbers. Files stolen also included client names, addresses, date of birth and corporate company names. The bank's vendor, Guidehouse, which provides account maintenance services to its StockPlan Connect business, informed it about the breach in May, Morgan Stanley said in a letter dated July 2. The bank said attackers accessed information by exploiting a vulnerability in the vendor's server, Accellion FTA. While the exposure was patched within five days, the attackers obtained decryption key even though the files were encrypted. Guidehouse informed the bank it had found no evidence that the stolen data had been distributed online. A person familiar ...