Morgan Stanley disclosed a data breach after threat actors accessed the Accellion FTA server of the third-party vendor Guidehouse.
- The investment banking firm confirmed a data breach where attackers stole personal data belonging to its customers by hacking into the Accellion FTA server of its third-party vendor, Guidehouse.
- The incident involves files that were in Guidehouse’s possession, including encrypted files from Morgan Stanley.
Morgan Stanley disclosed a data breach after threat actors accessed the Accellion FTA server of the third-party vendor Guidehouse.
Morgan Stanley is an American multinational company providing investment banking, securities, wealth and investment management worldwide.
The leading global financial services clients include corporations, institutions, governments, and individuals in more than 41 countries.
The security breach was first reported by BleepingComputer and also shared a data breach notification letter sent to it's impacted customers.
“On May 20, 2021, Morgan Stanley was notified by Guidehouse, a vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business, that it had suffered an information security incident. Guidehouse advised us that data that it maintained for Morgan Stanley had been accessed through the Accellion FTA vulnerability.” reads the letter.
According to the data breach notification letter, there was no data security breach of any Morgan Stanley applications.
The documents stolen during this incident contained Stock plan participant’s names, addresses, dates of birth, Social Security numbers, Corporate company names.
The company added that the files stolen from Guidehouse's FTA server did not contain passwords, information or credentials that the threat actors could use to gain access to impacted customer's financial accounts.
The attackers exfiltrate sensitive information from the victims and then publish it on the Clop ransomware gang’s leak site.
Since January, multiple data breaches have been reported impacting companies and organisations after their Accellion FTA servers were compromised.
These threat actors have hit cybersecurity firm Qualys, energy giant Shell, supermarket giant Kroger, multiple universitiesy and other organisations.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?