Exploit: Third-Party Data Breach

Morgan Stanley: Financial Services Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.216 = Severe

Morgan Stanley has reported a third-party data breach after attackers reportedly stole customer data by hacking into the Accellion FTA server of a third-party vendor. That vendor, Guidehouse, is a third-party vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business. Guidehouse notified the investment banking company in May 2021 that attackers had accessed its Accellion FTA server. The Clop ransomware gang claimed responsibility for the original Accellion hack.

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 2.462 = Severe

Morgan Stanley says that the information stolen in this incident does not include financial information but does include stock plan participants’ names, addresses (last known address), dates of birth, social security numbers, and corporate/company names. The files stolen from Guidehouse’s FTA server did not contain password information or credentials that the threat actors could use to gain access to impacted Morgan Stanley customers’ financial accounts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Ransomware can have ripple consequences that complicate response for everyone involved, creating unexpected risk.

Source: Bleeping Computer