![]() Oh, and btw, MSSB customers, just in case you thought that your Social Security number was still secure (however unlikely that is) some bad guy is very likely to get it real soon. What this letter really says is that after all the coverage of all of the breaches, all the horror stories, all the misery, all the litigation, all the heroic pronouncements by all the regulators, legislators, corporate leaders and consumer advocates, the memo still didn't get to Wall Street where they obviously care more about intellectual property, trade secrets, inside trading, outsized profits and complaining about over-regulation than their most precious asset: their customers. Since reporting of this kind is done routinely every year, why shouldn't there be a secure communications link between the sender and the recipient? And it would be cheaper, too-something state government really does care about at this particular moment. Of course the best question is why CD-ROMs were used to transmit the data in the first place. How critical of a priority is information security if those CD-ROMs were merely password protected, not encrypted? Is it standard operating procedure at Morgan Stanley Smith Barney not to encrypt, or is the NY State Tax Department lacking the technology to decrypt? Further, note the careful phraseology which subtly implies those CD-ROMs might have been taken by anyone involved in the transportation chain, including a NYS employee, before the package was actually delivered "to the intended recipient within the Department." Heck, maybe the dog ate 'em. Like all these "dear Vic(tim)" letters, it begins with a statement that belies the message that follows. And this letter, in particular, deserves some careful parsing and thought. Their seemingly white noise status has begun to afford them the same recognition as the magazine marketing material and pre-approved credit card mailers we find almost every day in our snail mail box. The omitted, yet operative word here is-yet.Īs I said in last week's column, in 2011 breach sightings have rapidly evolved from the Flavor of the Month, to news reel of the week, to "News at Eleven." And letters like this have become so common it's easy not to take them seriously. "While we have no evidence that your sensitive account information has been misused as a result of this incident…" Melding into the "we are praying daily that this never amounts to anything, because we don't want to be sued into the Stone Age" phrase: ![]() The sensitive information on the password-protected CD-ROMs included names, addresses, Social Security numbers, Morgan Stanley Smith Barney account numbers and income earned on tax exempt bonds or funds you hold or held in 2010." The CD ROMs included sensitive information about your account that was sent as a requirement to New York State after filing annual 1099 tax forms. Morgan Stanley was recently notified by the New York State Department of Taxation and Finance that two password-protected CD ROMs included in the package received from Morgan Stanley Smith Barney were missing from the package when it was delivered to the intended recipient within the Department. "We are writing to inform you of a recent security incident involving the sensitive information of certain Morgan Stanley Smith Barney account holders. Then it segues into the sickeningly familiar, "but perhaps not enough" phrase: "At Morgan Stanley Smith Barney, client satisfaction and information security are critical priorities." It began with the now familiar, "we care about you" phrase: ![]() July 7, 2011— - A few days ago, a friend of mine received several letters dated Jfrom Morgan Stanley Smith Barney, where he has kept brokerage accounts for himself and his children for many years.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |