Over the past year, increasing attention has been drawn to external threats facing the banking system, including hackers and other cyber attacks. Even in the past month, the New York Department of Financial Services announced stricter cybersecurity examinations of covered financial institutions; these examinations are in addition to those conducted by the Office of the Comptroller of the Currency (OCC) and the Federal Financial Institutions Examination Council (FFIEC). Furthermore, the influential Senate Committee on Banking, Housing and Urban Affairs recently called for increased scrutiny of cyber defenses and security preparedness in the financial sector this past December.
In the midst of this cybersecurity issue, however, financial institutions may have forgotten about threats from within. Yesterday, Morgan Stanley reportedly fired an employee after discovering he had stolen and leaked the confidential account data from approximately 350,000 customers. The employee, Galen Marsh, was serving as a financial adviser at the bank’s Manhattan location. Following the data theft, the information, covering around 10 percent of the bank’s customers, was leaked online. The experience of Morgan Stanley illustrates that despite heightened security measures across the board, banks still remain vulnerable to even the most basic threats.