US financial service giant Morgan Stanley alleged this week that one of its employees stole account information from around 10% of its 3.5 million wealth management clients.
The Manhattan-headquartered firm said in a statement that some of the stolen data was posted briefly online, although it didn’t contain any account passwords or social security numbers. It added that it is “instituting enhanced security procedures including fraud monitoring” on affected accounts.
The statement continued:
“While there is no evidence of any economic loss to any client, it has been determined that certain account information of approximately 900 clients, including account names and numbers, was briefly posted on the internet. Morgan Stanley detected this exposure and the information was promptly removed.”
The employee blamed for the data leak has since been fired and law enforcement and regulatory authorities notified, Morgan Stanley said.
Financial adviser Galen Marsh, 30, is alleged to be behind the insider breach, an anonymous “person involved in the investigation” told the New York Times.
In a mid-December Pastebin post he’s alleged to have offered for sale sensitive information including the log-ins of six million accounts, before exposing a small quantity of that data in a second post a fortnight later, the report continued.
Marsh’s lawyer, Robert Gottlieb, claimed that although his client did take said information, he didn’t post it online, share it or try to sell it.
Verizon’s most recent Data Breach Investigations Report (DBIR) found that 8% of data breaches in 2013 were down to “insider misuse” with the majority (88%) made possible by privilege abuse, unapproved hardware (18%) and bribery (16%).
The majority of insider crimes are financially motivated (72%), with LAN access (71%) the key threat vector, followed by physical access (28%).
Desktops (26%) and databases (25%) were pegged as the most commonly targeted devices when it comes to insider misuse, Verizon found.
Piers Wilson, head of product management at Tier-3 Huntsman, argued that firms like Morgan Stanley need to consider behavioral baselining and other tools to monitor systems, processes and people for anything abnormal.
“It can be incredibly difficult to spot insider threats in time to prevent them from doing any damage, since the majority of network security solutions are only geared up to identify known threats,” he told Infosecurity.
“Financial organisations need to move away from this over-reliance on network security systems and signature-based tools to focus on the early detection, investigation and verification of risks.”
David Flower, managing director for endpoint security firm Bit9 + Carbon Black, added that organizations today should work on the assumption that they’ve already been breached, and have in place continuous monitoring of endpoints to detect and respond to unusual activity.
“It is not enough to just know that a breach has occurred, you need to be able to track the ‘kill chain’ of what the threat actor did in order to understand your level of risk exposure following a breach,” he told Infosecurity by email.
“Being able to collect data and conduct a forensic examination of what has happened – identifying what files they have accessed and possibly exfiltrated, whether they’ve tried to access other machines, how they gained access, how any malware may have morphed or hidden itself etc. – will help to determine the intent of the attack and the full impact of the breach.”