Investment banking firm Morgan Stanley said some of its clients’ personal information was compromised through a third-party vendor that used the Accellion FTA solution.
Recall that in December last year, cybercriminals managed to find an unpatched vulnerability in the Accellion FTA software, which allowed them to carry out attacks on companies and organizations around the world. The victims of the cyberattacks were the Central Bank of New Zealand, the law firm Allens, the University of Colorado, the Singapore telecommunications company Singtel, etc.
One of the organizations affected was Guidehouse, which provides account services for Morgan Stanley’s StockPlan Connect program. According to Morgan Stanley representatives, Guidehouse informed them in May 2021 that attackers used vulnerabilities in Accellion FTA to access Morgan Stanley documents containing personal information of StockPlan Connect members. The stolen files were encrypted, but the attacker “was able to obtain the decryption key by hacking the Accellion FTA.” The stolen data included names, addresses, dates of birth, social security numbers, and company names.
The vendor only discovered the attack in March 2021 and informed Morgan Stanley two months later, “due to the difficulty of retroactively determining which files were stored in the Accellion FTA product at the time of the compromise.”
Catch up on more articles here
Follow us on Twitter here