Articles Financial company Morgan Stanley reports customer data breach

Financial company Morgan Stanley reports customer data breach


The American financial giant Morgan Stanley has notified the authorities that a third-party vendor has leaked data on the company’s clients.

Personal information fell into the hands of third parties due to an attack on the outdated file-sharing service Accellion FTA (File Transfer Application). Attacks on it have been observed since December 2020, and even then FireEye analysts linked this activity with the FIN11 hacker group and warned that more than 100 companies had become victims of cybercriminals.

As part of this campaign, hackers exploited four vulnerabilities in the FTA ( CVE-2021-27101 ,  CVE-2021-27102 ,  CVE-2021-27103   CVE-2021-27104 ). The Accellion developers released several waves of fixes for these bugs, but each time they emphasized that FTA has long been an outdated product, and urged their customers to migrate to the new Kiteworks platform. As a result, the company said at all  that it would finally stop supporting the FTA from April 30, 2021.

According to the developers of Accellion, among the approximately 300 FTA clients, “less than 100” were victims of attacks, and among them less than 25 were affected by data theft. FireEye clarified that some of these 25 customers are being blackmailed, and hackers are demanding a ransom from them.

As it turns out, one of the organizations hit by the FTA attack is Guidehouse, which provides account maintenance services to Morgan Stanley StockPlan Connect.

In a letter sent to the New Hampshire attorney general’s office, Morgan Stanley reports that Guidehouse informed them in May 2021 that unknown attackers were using the Accellion FTA to access Morgan Stanley data that included personal information of StockPlan Connect members.

The files stolen in this way were encrypted, but, according to the company, the attacker “was able to obtain the decryption key during the hack due to a vulnerability in Accellion FTA.” The stolen documents contained names, addresses, dates of birth, social security numbers of StockPlan Connect members, as well as company names.

Interestingly, Guidehouse employees discovered what happened in March 2021, although the attack took place back in January. At the same time, Morgan Stanley was generally notified of the incident only two months later, in May, explaining that it was difficult to determine in hindsight what files were stored in the Accellion FTA device when it was jailbroken.

It is known that as a result of this attack, the data of 108 New Hampshire residents were affected, but the company does not disclose how many more people may have become victims of this leak.

Must read

28 dangerous extensions detected for Google Chrome and Microsoft Edge

Avast experts have discovered malware hidden in at least 28 third-party...

Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat

Eleven vulnerabilities, combined under the name Urgent / 11,...

Why Is It Important To Have Intrusion Detection And Prevention ?

This article describes why detection and prevention of burglaries...

The risk is real: attacks on OT infrastructure

Previously, many believed that attacks on an isolated OT...

Gitpaste-12: Linux bot armed with a dozen exploits

Researchers at Juniper Networks have discovered a Linux scripting...

Saferwall : Open Source Malware Analysis

Saferwall is an open source malware analysis platform. It...

Network Vulnerability Assessment ? Why Should Every Company Do it at least once a Year !

Network vulnerability assessment analyzes a variety of network issues,...

Artificial Intelligence and Cyber Security

As artificial intelligence intrudes into the world of cybersecurity,...

You might also likeRELATED
Recommended to you