Morgan Stanley is facing a data breach after it was discovered that hackers have accessed a number of client data. The data breach happened in January and involved a third party vendor.
According to Bloomberg, the Morgan Stanley data breach "involved exploitation of a vulnerability in file-transfer software from Accellion Inc."
Morgan Stanley Hack: How It Happened
Morgan Stanley hackers exploited the vulnerability in a file-transfer software being used by their third party vendor, Guidehouse. Guidehouse is a consulting company that provides Morgan Stanley account maintenance services.
Specifically, Guidehouse deals with Morgan Stanley's stock-plan business clients whose accounts had gone dormant. These dormant accounts have assets that are in danger of being liquidated and turned over to the state, according to Bloomberg.
The vulnerability was patched within five days' time, but the hackers were able to get the decryption key for the data.
Per a report by Reuters, Guidehouse discovered the data breach in March. Morgan Stanley subsequently found out about the hack in May.
Related Article: Biden: Federal Probe Against 'REvil' Ransomware Attack with More Than 1,000 Victims, Linked to Russians
Morgan Stanley Data Breach: Which Data Was Stolen
The hackers who have accessed and stolen Morgan Stanley's data were able to get client information such as client names, corporate company names, social security numbers, dates of birth, and addresses. No passwords were stolen, per Bloomberg's report.
According to Reuters, the stolen files have been recovered and Guidehouse has said that the data hasn't been distributed online. Despite this, Morgan Stanley is said to be monitoring the dark web for evidence that proves otherwise.
Accellion FTA Hack
Morgan Stanley is the latest reported company affected by the hack on Accellion's File Transfer Appliance (FTA) software, which happened late last year.
In a statement posted on the company's official website, Accellion said that it engaged cybersecurity forensics firm FireEye Mandiant to investigate the cyberattacks.
FireEye Mandiant was able to patch all FTA vulnerabilities. The cybersecurity firm also informed Accellion that it found no additional vulnerabilities that could have been exploited by the hackers.
The cyberattack on Accellion has since been connected to a hacker group called Cl0p Gang. Other victims of the cyberattack on Accellion's FTA include the State of Washington, which faced a data breach involving 1.6 million unemployed citizens. The design and other sensitive data of Globaleye, a Canadian spy plane, had also been leaked.
Accellion Company Background
Accellion Inc. is the provider of Kiteworks, which is known as the first enterprise content firewall in the industry. This enterprise content firewall is meant to prevent "data breaches and compliance violations from sensitive third party communications," according to the company statement.
Accellion has been able to provide secure file sharing services, enterprise app and Microsoft Office plugins, secure web forms, enterprise workflow automation, and other services to its clients.
Also Read: Ransomware Operations of Clop Gang Resumes After Recent Arrests - New Data Breach Victims
This article is owned by Tech Times
Written by Isabella James