A fired Morgan Stanley financial advisor who downloaded client information to a home server to give his job search a boost was sentenced to three years’ probation for accessing the bank’s computer network without permission.
Galen Marsh, who prosecutors say called the stolen data “the world’s best cold-calling list,” was sentenced Thursday by U.S. District Judge Kevin Duffy in Manhattan. After Marsh took the client data, it was stolen from him and posted on the Internet.
Marsh pleaded guilty in September to transferring confidential data on about 730,000 customer accounts to a private server in his home in Hoboken, New Jersey, from 2011 to 2014. Morgan Stanley has said that account data for about 900 clients was found on an external website.
Marsh worked in the bank’s private wealth-management division. The government said there was no evidence backing his claim that he took the data to analyze client information from home so he could do a better job.
Marsh has said Morgan Stanley told him Russian hackers were “suspected” of taking the information. In seeking leniency, Marsh said he cooperated promptly with the bank and the government’s investigation of the breach.
While prosecutors have determined Marsh’s private server was accessed by hackers, the harm to the bank was foreseeable because he took the data in the first place and stored it at home, which was vulnerable to intrusion, Assistant U.S. Attorney Christine Magdo said in court papers.
Confronted by superiors, Marsh admitted “the data he had taken was the world’s best cold calling list,” Magdo said, “and that he had been exploring job opportunities outside the bank.”
The case is U.S. v. Marsh, 15-cr-00641, U.S. District Court, Southern District of New York (Manhattan).
Ex-Morgan Stanley Advisor Avoids Prison for Client Data Theft
December 23, 2015
« Previous Article
| Next Article »
Login in order to post a comment
Comments
-
the Board should check for any material mitigating factors, then if none fire all 5 of them in regard to Gorman, it is long overdue long overdue - time for him and his courtiers to exit stage left this is beyond moronic
-
sorry - typo ............ 730,000 files 730,000 files were sent ? 730,000 ? and his (or her) computer did not jam. wow, he, or she, must have a pretty good computer at home. most Fortune 500 companies don't even have a computer with that much horsepower. impressive, and curious. what a ridiculous, egregious situation with the fundamental problem rooted right at the top of the shop, arrogance and complacency 730,000 files transferred, and no red-flag in tech security, compliance, or risk management ? fire them - Gorman, Nicolaisen, Grossman, Rosenthal, and Hatsuki there are lots of good people who can step right in for them
-
and at the risk of stating the obvious, maybe the FA's personnel jacket ought to be looked at a little more closely - because very few privately owned computers will accept a download this large. Try sending three or four simple files to most people, and the email or download will jam 9 times out of 10. and this Mr. or Ms. Marsh managed to download 730,00 files and his computer didn't jam ? amazing.
-
How many times has it been brought to the attention of Mr. Gorman and the Board of Directors that it is highly improper for Morgan Stanley to flout the CCO Reg (by stoically failing to appoint the required Chief Compliance Officer), and now in this matter - spawning perhaps the most egregious data security breach in the history of financial services. What is the problem, Mr. Gorman ? You don't like the idea of complying with the CCO reg ? You just don't feel like it ? You want to show all of the employees, shareholders, and clients that you are above the law, that you do not have to comply with the fundamental industry reg's? You work through $3000/hour lawyers, so the law does not apply to you. Just brilliant. This matter reflects extremely serious risk management shortfalls at Morgan Stanley, both on the part of management, and the Board of Directors. We have said it before - Gorman should be fired. He should have been fired long ago, and he should be fired for this. What is the "legal rationale" that your lawyers tell you, Mr. Gorman ? That if you have a CCO, then - like all C-suite officers, they will have to give periodic briefings to the Board of Directors - and God Forbid, they might "say something" that requires action, or some kind of remediation? And you could not extend the nonsensical theory of attorney-client privilege that in-house corporate lawyers superciliously tout to shield the words the CCO might utter to the Board. God Forbid - since it is not a lawyer's post, the comments might even have to be written down and looked into. Well - you have a really, really rotten situation here now, reflecting a serious, structural lack of proper controls - of the highest magnitude. Gorman should be fired. Not a gray zone question either. Fired. Donald Nicolaisen should be forced to step down as head of the Board's Risk Committee. Eric Grossman (Chief Legal Officer) should be fired by the Board. Jim Rosenthal should be fired as Chief Operating Officer, for failure to properly supervise tech security. And Keishi Hotsuki should be fired as Chief Risk Officer, for obvious reasons relating to tech security, and for his part in the firm's flouting the CCO Reg. What a moronic, stupid situation - with roots in unvarnished, rotten corporate arrogance of the worst type. God Forbid there be a Chief Compliance Officer who regularly reviews operations to insure basic compliance on various key matters including tech security. What a moronic, stupid situation. If this does not red-flag a screaming call for a managerial house-cleaning and restructuring of the Board of Directors, I don't know what would. A truly moronic, stupid situation - rooted deeply in arrogance and negligence in the executive suite and Board of Directors. Matt Lechner Chairman - WSSIG, the Wall Street Special Interest Group "supporting and growing America's interests in the global capital markets" [email protected]