{"id":5435,"date":"2021-07-08T15:49:00","date_gmt":"2021-07-08T19:49:00","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=5435"},"modified":"2021-07-08T15:49:00","modified_gmt":"2021-07-08T19:49:00","slug":"morgan-stanley-suffers-data-breach-due-to-third-party-attack","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/","title":{"rendered":"Morgan Stanley Suffers Data Breach Due to Third-Party Attack"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-4537\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\" alt=\"Morgan Stanley Suffers Data Breach Due to Third-Party Attack\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><b><i>Investment banking firm Morgan Stanley recently disclosed suffering from a data breach resulting in the theft of customers\u2019 personally-identifying information (PII).\u00a0<\/i><\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The hackers responsible gained access through the Accellion FTA server of a Guidehouse, a third-party account maintenance vendor. Guidehouse notified Morgan Stanley of its breach in May, noting they had the intention to steal Morgan Stanley stock plan participants PII.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Moreover, the hackers exploited the Accellion FTA vulnerability in January five days before the patch for it became available.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">While Morgan Stanley stressed in <\/span><a href=\"https:\/\/www.documentcloud.org\/documents\/20985259-morgan-stanley-bc-20210702\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">a letter<\/span><\/a><span style=\"font-weight: 400\"> to notify customers that its applications remain secure, customer information including social security numbers, names, dates of birth, and corporate company names were all stolen. The hackers do not seem to have obtained credentials and as of time of writing it does not appear as if the hackers are selling the information online.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The number of affected individuals remains unknown. We consulted multiple <span style=\"text-decoration: underline\"><strong><a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener\">cybersecurity<\/a><\/strong><\/span> experts for their take on the attack. Here\u2019s what they had to say.<\/span><\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2021\/02\/Identity_Suggestion_Engine_Horiz_800.gif\" alt=\"IAM Solution Suggestion Engine\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n<h3 style=\"text-align: justify\"><b>Chris Clements<\/b><\/h3>\n<p style=\"text-align: justify\"><i><span style=\"font-weight: 400\">Chris Clements is VP of Solutions Architecture at <\/span><\/i><a href=\"https:\/\/www.cerberussentinel.com\/\" target=\"_blank\" rel=\"noopener\"><i><span style=\"font-weight: 400\">Cerberus Sentinel<\/span><\/i><\/a><i><span style=\"font-weight: 400\">.<\/span><\/i><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">&#8220;This demonstrates the speed with which modern threat actors capitalize on vulnerabilities. There were reportedly only 5 days between the Accellion patch was made available and it being applied by Guidehouse.\u00a0 All organizations need to implement a plan for emergency security patching when it\u2019s clear that they are at risk of imminent compromise without regard to non-safety-related availability concerns.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">It\u2019s also critical for organizations to understand that their customer data is still their own responsibility, even when shared with a vendor.\u00a0 As part of a considered approach to working with any vendor is the acknowledgment that doing so broadens the organization\u2019s attack surface and taking steps to mitigate risk contractually and by being as selective as possible with the amount and duration of time that data is shared.&#8221;<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Alexa Slinger<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Alexa Slinger is an identity management expert at <\/span><a href=\"https:\/\/www.onelogin.com\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400\">OneLogin<\/span><\/a><span style=\"font-weight: 400\">.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">\u201cThis recent disclosure from Morgan Stanley serves as a stern reminder to all organizations who were previously, or currently are, using the Accellion FTA product that they must be prepared for additional hack disclosures. Businesses should be putting guardrails and safety measures in place for their consumer identities and data, as well as have a crisis management and recovery process ready.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Businesses must mitigate the cybersecurity risks of legacy systems by conducting regular vulnerability assessments to determine areas of weakness, ensuring that the most recent patches are applied immediately and invest in additional layers of security for securing and monitoring their endpoints and network. Efforts should be made to educate the public about phishing attempts, clarifying the ways a business will and will not contact the customer.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">This incident also highlights the need for consumers to be educated on what to do in the case of their personal data being compromised and the appropriate steps to take. Consumers should always be keeping an eye on all of their online accounts, and enable credit monitoring to swiftly detect suspicious activity in their financial accounts.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">As more breaches continue to trickle down, it remains unclear how many organizations are still using the Accellion FTA product, as well how many other breaches have remained undisclosed.\u201d<\/span><\/p>\n<p style=\"text-align: justify\"><div class=\"hr hr\"><\/div><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Thanks to these cybersecurity experts for their time and expertise on the Morgan Stanley data breach. For more, check out the <span style=\"text-decoration: underline\"><strong><a href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-identity-and-access-management-software-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener\">Identity Management Buyer\u2019s Guide<\/a><\/strong><\/span> or the <a href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\">Solutions Suggestion Engine<\/a>.\u00a0<\/span><\/p>\n<div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/suggestionengine.solutionsreview.com\/buyer\/signup\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2021\/02\/Identity_Suggestion_Engine_Horiz_800.gif\" alt=\"IAM Solution Suggestion Engine\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Investment banking firm Morgan Stanley recently disclosed suffering from a data breach resulting in the theft of customers\u2019 personally-identifying information (PII).\u00a0 The hackers responsible gained access through the Accellion FTA server of a Guidehouse, a third-party account maintenance vendor. Guidehouse notified Morgan Stanley of its breach in May, noting they had the intention to steal [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":4537,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[142,1722,16,11,1204,76,425,1723,254,1724],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Morgan Stanley Suffers Data Breach Due to Third-Party Attack<\/title>\n<meta name=\"description\" content=\"Investment banking firm Morgan Stanley recently disclosed suffering from a data breach resulting in the theft of customers\u2019 information.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/\",\"name\":\"Morgan Stanley Suffers Data Breach Due to Third-Party Attack\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"datePublished\":\"2021-07-08T19:49:00+00:00\",\"dateModified\":\"2021-07-08T19:49:00+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"Investment banking firm Morgan Stanley recently disclosed suffering from a data breach resulting in the theft of customers\u2019 information.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg\",\"width\":800,\"height\":400,\"caption\":\"Morgan Stanley Suffers Data Breach Due to Third-Party Attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Morgan Stanley Suffers Data Breach Due to Third-Party Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Morgan Stanley Suffers Data Breach Due to Third-Party Attack","description":"Investment banking firm Morgan Stanley recently disclosed suffering from a data breach resulting in the theft of customers\u2019 information.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/","url":"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/","name":"Morgan Stanley Suffers Data Breach Due to Third-Party Attack","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","datePublished":"2021-07-08T19:49:00+00:00","dateModified":"2021-07-08T19:49:00+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"Investment banking firm Morgan Stanley recently disclosed suffering from a data breach resulting in the theft of customers\u2019 information.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/08\/new-hacker-image-resize-compressed.jpg","width":800,"height":400,"caption":"Morgan Stanley Suffers Data Breach Due to Third-Party Attack"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/morgan-stanley-suffers-data-breach-due-to-third-party-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Morgan Stanley Suffers Data Breach Due to Third-Party Attack"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5435"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=5435"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/5435\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/4537"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=5435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=5435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=5435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}