AskCyberSecurity.com


Morgan Stanley Reports Data Breach

2021-07-14 by Grace Choi

Third-Party Vendor Hack Results in Finance Giant Data Breach

A major U.S. financial institution reported a data breach earlier this month, the result of a string of attacks on Accellion FTA servers. These attacks resulted in data being stolen from numerous companies, universities, and organizations. According to Accellion, fewer than 100 of its 300 customers have been affected by the attack on their servers.

Guidehouse, a third-party vendor, provides account maintenance services to Morgan Stanley’s StockPlan Connect business. In a May notice, the company alerted Morgan Stanley to an attack on its servers in which data belonging to Morgan Stanley’s stock plan clients was stolen.

There Is No Evidence That Stolen Data Has Been Distributed Or Sold

After hacking into Guidehouse’s Accellion FTA server, attackers stole encrypted files from Morgan Stanley as well as the corresponding decryption key. According to Morgan Stanley, the stolen documents related to StockPlan Connect clients included:

  • Participants’ names
  • Physical addresses
  • Date of birth
  • Social security numbers
  • Corporate company names


There were no passwords or credentials stolen that could be used to gain access to stock plan clients’ financial accounts.

Guidehouse’s server was breached in January through an Accellion FTA vulnerability that could not be patched in time. Guidehouse discovered the breach in March and notified Morgan Stanley in May, after learning that the financial institution had been affected. According to Guidehouse, there is no evidence that the files stolen from Morgan Stanley have been distributed or sold on any hacking forums.

Morgan Stanley assured its affected customers that no Morgan Stanley applications were breached. The only files involved were those in Guidehouse’s possession, according to a notice to the affected customers that was shared on Bleeping Computer.


FIN11 Cybercrime Group

Accellion and Mandiant published a joint statement directly linking the FIN11 threat group to the attacks. The cybercriminals are also responsible for a series of Accellion attacks that preceded the Guidehouse attacks. FIN11 and the Clop ransomware gang are responsible for attacks on multiple companies that use Accellion’s services. A zero-day vulnerability was used to carry out these attacks, which means that an unpatched bug or security flaw resulted in a successful attack.

The known targets of recent Accellion FTA attacks include:

  • Royal Dutch Shell plc (known to us as Shell)
  • Reserve Bank of New Zealand
  • Kroger (supermarkets)
  • The Office of the Washington State Auditor (SAO)
  • The Australian Securities and Investments Commission (ASIC)
  • Stanford Medicine
  • University of Maryland Baltimore (UMB)
  • The University of California
  • ABS Group (a technical services company)
  • Jones Day law firm
  • Danaher (a Fortune 500 science and technology corporation)
  • Fugro (a geo-data specialist)
  • The University of Colorado

There were additional universities targeted in Colorado and Miami, Florida.

How Zero-Day Exploits Work

A zero-day vulnerability is a flaw or bug in a system that has been discovered but has yet to be fixed. A zero-day exploit means that an attacker releases malware into the system before a developer is able to patch it. A threat actor would see the flaw and either beat the developer to it or take advantage of it before the developer even has a chance to spot it. The attacker would create exploit code and use it before a patch for the vulnerability is released. These attacks usually result in identity or data theft.

A zero-day exploit is no longer a zero-day exploit after it is patched.

While this description makes it sound like a mad dash to the vulnerability, developers often don’t find it until an attack has occurred. In the case of Accellion, the vulnerability was present before the company learned of an attack. It wasn’t until the breach was investigated that the source was discovered.

This type of post-mortem discovery is useful in determining the lifespan of an attack. However, it does not guarantee that such an attack will not happen in the future. Much of a developer’s day is spent fixing bugs that were not there the day before, and depending on the magnitude of a project or the profile of a company, attackers may already be poised to attack.

Filed Under: data privacy

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC
