Report: Morgan Stanley warns 34,000 clients of data breach

Data was on unencrypted discs that were found to be missing from a package sent to the New York State Tax department, according to Credit.com.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

July 5, 2011 3:47 p.m. PT

Morgan Stanley Smith Barney has warned 34,000 customers that their addresses, account and tax ID numbers, and other data--including Social Security numbers for some--may have been stolen, the Credit.com news site reported today.

The data was reportedly on two CD-ROM discs that were password-protected but not encrypted, according to two letters Morgan Stanley sent to customers on June 24. The package containing the CDs was intact when it arrived at the New York State Department of Taxation and Finance but the CDs were missing when the package arrived on the desk of its intended recipient, Jim Wiggins, a Morgan Stanley Smith Barney spokesman told Credit.com.

The state notified Morgan Stanley Smith Barney about the missing CDs on June 8. After a two-week investigation, the brokerage firm then notified customers and offered to pay for a year of credit-monitoring service to customers who received letters warning that their Social Security numbers were among the data, the Credit.com story says.