Morgan Stanley Smith Barney loses CDs containing data on 34,000 customers

Financial services firm Morgan Stanley Smith Barney (MSSB) has become the latest company to suffer a major data breach after losing two CDs containing sensitive information on 34,000 customers.

Documents posted by financial news service Credit.com claim that MSSB has notified customers that the CDs contain names, addresses, social security numbers and account numbers.

MSSB said that the CDs were lost en route to the New York State Department of Taxation and Finance as part of a financial filing package. The information was password protected, but not encrypted.

The company did not respond to a request from V3.co.uk for confirmation or comment on the reports.

The incident comes as data breach reports are becoming increasingly common. A recent survey from Juniper Networks suggests that 90 per cent of enterprises have suffered some sort of data loss in the past 12 months.

Authorities in the UK have recently sought to tighten the rules on disclosing breaches. Meanwhile, researchers estimate that data breaches cost businesses an average of £2m per incident.

MSSB customers who have been affected by the loss are advised to keep a close eye on their credit activity.

Johnnie Konstantas, director of cloud security marketing at Juniper Networks, suggested that, where possible, customers should change the compromised information.

"I would try to understand all the data that was compromised and make an inventory about those pieces of data," she told V3.co.uk. "Data like this is extremely valuable and there is a market for it."

Nikfar Khaleeli, director of data loss prevention at McAfee, told V3.co.uk that, while MSSB suffered an apparent breakdown in its security procedures by not encrypting the CDs, the company is far from alone in falling victim to these types of incident.

"MSSB is not the only company where this has happened. It is a pervasive problem and it highlights the need for pervasive protection," he said.