By Pam Martens: September 21, 2022 ~
Yesterday, Gurbir Grewal, the Director of Enforcement for the Securities and Exchange Commission, said that the manner in which Wall Street mega bank, Morgan Stanley, had allowed the personal information of its clients to be auctioned off online on hard drives was “astonishing.”
Grewal is not someone who can be easily astonished. Grewal came to the SEC from his post as Attorney General of New Jersey. Before that he had been the Bergen County Prosecutor. Prior to that he held various positions in the Justice Department’s U.S. Attorney’s Office for the District of New Jersey, including his last position there as Chief of the Economic Crimes Unit.
Exactly what was it that astonished Grewal? According to the SEC’s Cease and Desist Order, here’s what happened:
The retail brokerage unit of Morgan Stanley known as Morgan Stanley Smith Barney wanted to decommission two of its data centers in Poughkeepsie, New York and Columbus, Ohio in 2016. To do that, it hired a moving company and an information technology (IT) company, that had submitted a joint bid, to decommission the two data centers. Under the contract that Morgan Stanley executed with the pair, the moving company would pick up the devices and the IT company would wipe them clean of client information. If the devices were then resold, Morgan Stanley Smith Barney was to get 60 to 70 percent of the resale amount.
Almost nothing under the terms of that contract occurred as it should have – and here comes the astonishing part – nobody at Morgan Stanley noticed. The SEC describes, as follows, how Morgan Stanley was awakened from its slumber:
“On October 25, 2017, nearly a year after the completion of the 2016 Data Center Decommissioning, MSSB received an email from an IT consultant in Oklahoma (‘Consultant’). In that email, Consultant informed MSSB that he had purchased hard drives from an online auction site and that he had access to MSSB’s data on those devices. In that email, Consultant informed MSSB that ‘[y]ou are a major financial institution and should be following some very stringent guidelines on how to deal with retiring hardware. Or at the very least getting some kind of verification of data destruction from the vendors you sell equipment to.’ MSSB eventually repurchased the hard drives in Consultant’s possession.”
That’s pretty astonishing in itself: Being lectured on the competent handling of personal client information by someone buying hardware at an online auction site when you are a Global Systemically Important Bank with $1.17 trillion in assets and more than a century of existence.
According to the SEC, the “vast majority of the hard drives from the 2016 Data Center Decommissioning remain missing” and in July 2020 Morgan Stanley Smith Barney had to notify “approximately 15 million impacted customers” that their personal data might be floating around out there – unencrypted.
I worked at Smith Barney as a licensed broker for 11 years in the 80s and early 90s. (Its retail brokerage became part of a joint venture with Morgan Stanley during the financial crisis in 2009. Morgan Stanley bought the balance of the Smith Barney brokerage in 2013.) Part of the information that goes on every account card for a new client is the following: Social Security number; name; address; telephone number; total net worth; investment objective.
Thus, it is reasonable to be concerned that there are upwards of 15 million Social Security numbers, potentially linked to names and addresses and net worth, floating around somewhere they shouldn’t be as a result of gross negligence, gross incompetence, or both at Morgan Stanley.
Morgan Stanley had net income of $14.57 billion last year. For putting millions of pieces of personal data at risk and giving 15 million of its customers anxiety about the safety of their Social Security numbers and investments, the SEC fined Morgan Stanley a mere $35 million.
Yesterday, before this story broke, we published an article chiding the Senate Banking and House Financial Services Committees for giving the CEOs of Morgan Stanley and Goldman Sachs a pass at the banking hearings this week. This current news about Morgan Stanley makes that omission all the more striking. (See our report: Goldman Sachs and Morgan Stanley Have Mysteriously Disappeared from this Week’s Senate and House Banking Hearings.)
Against this backdrop is the reality that the most famous photo in America right now is the one to the left. What that one photo captures is the fact that despite American taxpayers funding 18 intelligence agencies in this country, Donald Trump was able to remove dozens of boxes containing highly classified material from the White House and carelessly store them at his 114-room resort hotel, Mar-a-Lago, in Palm Beach, Florida. Some of these documents were marked Top Secret/SCI – meaning they were Sensitive Compartmented Information that should have been maintained in a government approved SCIF – Sensitive Compartmented Information Facility. Trump’s sloppy handling of the documents may have put American lives at risk as well as the national security of the United States.
Donald Trump’s last day in the office of the President was January 20, 2021. The FBI raid on Mar-a-Lago occurred on August 8, 2022 – ostensibly more than 18 months after Trump was illegally in possession of highly classified national security documents. Exactly what were those 18 U.S. intelligence agencies doing in all this time? Why hadn’t they noticed that the documents were missing between the time that Trump incited an attack on the seat of government on January 6, 2021 and Trump leaving office on January 20, 2021?
An even larger question looms as to how those 18 intelligence agencies ever allowed Donald Trump to possess these documents in the first place. Trump was the quintessential candidate to be compromised by a foreign enemy when he arrived in the Oval Office: He had taken six of his businesses into bankruptcy; 16 women had alleged he had sexually assaulted or sexually harassed them; he had stated on a widely-circulated video that he grabbed women by the p***y; he had multiple ties to the mafia and Russian oligarchs.
If 18 intelligence agencies can’t protect the national security secrets of the United States; if thousands of compliance personnel and lawyers working for Morgan Stanley are incapable of protecting the private, personal information of 15 million clients, what kind of dystopian society are we actually living in currently in the United States? For a closer look at that topic, see related articles below.