A data breach refers to a scenario whereby either the company’s own intellectual property, its finances, or a customer’s information gets leaked to unauthorized people. There are quite a number of causes of a data breach episode such as cyber-attacks, stolen or compromised login credentials, phishing, human mistakes, IT system failures, and inadequate disposal of the data. Organizations often take proactive measures for safeguarding data-in-use (active data); however, once the greece rcs data data has fulfilled its purpose or has become redundant and obsolete or the device that stores this data has reached its EOL, it becomes crucial to securely wipe data from the storage media before disposing, reallocating or repurposing it. Failure to do so can lead to episodes of data breach, like the one Morgan Stanley experienced.
In 2016, Morgan Stanley outsourced the decommissioning of its data center to an external service provider. While the vendor had dismantled the data center, they did not wipe data from the server drives before selling in the secondary market. This major negligence exposed the PII of more than 15 million Morgan Stanley clients. This led to legal and financial repercussions that involved fines of over $150 million imposed by OCC, SEC, and court settlement. If Morgan Stanley had securely erased the hard drives to permanently wipe all confidential information, then the company could have prevented the data breach and avoided the associated damage to its reputation, finances, and legal standing.