The employee, who had worked in the firm’s wealth management division, was terminated, and law enforcement and regulatory authorities were informed.
The breach was discovered in late December during a routine sweep, the firm said. Partial account information, which did not include account passwords or Social Security numbers, of up to 10% of all wealth management clients was stolen. The firm said it is notifying all potentially affected clients and instituting enhanced security procedures, including fraud monitoring on these accounts.
“While there is no evidence of any economic loss to any client, it has been determined that some account information of approximately 900 clients, including account names and numbers, was briefly posted on the Internet,” the company said in a statement. After the exposure was detected, Morgan Stanley removed the information. All impacted clients are being contacted by the firm and their financial advisers.