(Reuters) -Morgan Stanley has disclosed that personal data of some of its corporate clients was stolen in a data breach in January involving a third-party vendor, in which hackers accessed information, including social security numbers of some clients.
The bank was notified of the breach in May by Guidehouse, a vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business, it said in a letter dated July 2.
Files stolen included client names, addresses, date of birth, social security numbers and corporate company names, the bank said.
Attackers gained access to the information by exploiting a vulnerability in Guidehouse’s server Accellion FTA. The vulnerability was patched within five days.
Although the files were encrypted, the attackers were able to obtain the decryption key during the breach, the bank said.
“We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients,” a bank spokesperson said.
The hack, reported earlier by technology news portal Bleeping Computer, was discovered in March by Guidehouse and its impact on Morgan Stanley was found in May, the letter said.
(Reporting by Niket Nishant in Bengaluru; Editing by Arun Koyyur)
