Resource Recycling
  • The Latest
  • Analysis
    • All
    • Certification Scorecard
    • Industry Announcements
    • Opinion
    Top stories from March 2025

    3 factors force e-scrap processing onshore

    Data center boom sets up ITAD growth

    Certification Scorecard — Week of June 15, 2026

    Tzvika Shahaf of Blancco

    Blancco names new SVP of product strategy

    IT security driving plans, reshaping budgets

    Study cuts projected AI server e-waste by 90%

    A call to action: End markets and EPR

    A call to action: End markets and EPR

  • Conferences
    • Resource Recycling Conference
    • Plastics Recycling Conference
    • E-Scrap: The Longevity Conference
    • Textiles Recovery Summit
  • Publications
    • E-Scrap News
    • Plastics Recycling Update
    • Policy Now
    • Resource Recycling
    • Other Topics
      • All Topics
      • Brand Owners
      • Critical Minerals
      • Glass
      • Grant Watch / RFPs
      • Markets
      • Organics
      • Packaging
      • Research
      • Technology
      • Textiles
Subscribe
No Result
View All Result
Resource Recycling
  • The Latest
  • Analysis
    • All
    • Certification Scorecard
    • Industry Announcements
    • Opinion
    Top stories from March 2025

    3 factors force e-scrap processing onshore

    Data center boom sets up ITAD growth

    Certification Scorecard — Week of June 15, 2026

    Tzvika Shahaf of Blancco

    Blancco names new SVP of product strategy

    IT security driving plans, reshaping budgets

    Study cuts projected AI server e-waste by 90%

    A call to action: End markets and EPR

    A call to action: End markets and EPR

  • Conferences
    • Resource Recycling Conference
    • Plastics Recycling Conference
    • E-Scrap: The Longevity Conference
    • Textiles Recovery Summit
  • Publications
    • E-Scrap News
    • Plastics Recycling Update
    • Policy Now
    • Resource Recycling
    • Other Topics
      • All Topics
      • Brand Owners
      • Critical Minerals
      • Glass
      • Grant Watch / RFPs
      • Markets
      • Organics
      • Packaging
      • Research
      • Technology
      • Textiles
Subscribe
No Result
View All Result
Resource Recycling
No Result
View All Result
Home E-Scrap

Morgan Stanley faces lawsuits from ITAD data mishap

Colin StaubbyColin Staub
August 6, 2020
in E-Scrap
Open lock against a green binary code screen.
Morgan Stanley says it has not detected unauthorized use of personal information related to the recent data security incidents. | Chim/Shutterstock

Financial institution Morgan Stanley recently told customers an ITAD vendor’s mistakes may have left personal information susceptible to misuse. Multiple clients have filed suit against the investment firm.

Morgan Stanley on July 10 wrote to clients disclosing “potential data security incidents” related to their personal information. The incidents occurred during multiple ITAD processes over the past four years, according to the letter.

“In 2016, Morgan Stanley closed two data centers and decommissioned the computer equipment in both locations,” the company wrote. “As is customary, we contracted with a vendor to remove the data from the devices. We subsequently learned that certain devices believed to have been wiped of all information still contained some unencrypted data.”

In an incident in 2019, another ITAD project involved retiring and replacing computer servers in multiple local branch offices, according to a separate notification the company issued to the Iowa Attorney General’s Office. These retired servers may have stored personal information.

“During a recent inventory, we were unable to locate a small number of those devices,” wrote Gerard Brady, chief information security officer for Morgan Stanley. “The manufacturer subsequently informed us of a software flaw that could have resulted in small amounts of previously deleted data remaining on the disks in unencrypted form.”

Morgan Stanley will pay for two years of credit monitoring for customers whose data may have been breached, according to the notifications. The company will also pay for free “identity restoration” services if a client’s information is found to be compromised.

In a statement to E-Scrap News, a Morgan Stanley spokesperson said company officials have “continuously monitored the situation and have not detected any unauthorized activity related to the matter, nor access to or misuse of personal client data.”

In both instances, Morgan Stanley “investigated the disposition and handling of the devices, and worked with outside technical experts to understand any potential risks to customer data in light of the technical characteristics and configuration of each of the relevant devices,” according to the notification to the Iowa Attorney General.

Morgan Stanley did not name the contracted processor that handled the decommissioning events in question. According to a report in AdvisorHub that cited an unnamed source, Morgan Stanley is “considering appropriate legal action against the firm hired to scrub the data.”

The data security incidents have so far spurred two class action lawsuits against Morgan Stanley on behalf of clients concerned about their personally identifiable information being breached. Filed on July 29 and July 31 in the U.S. District Court for the Southern District of New York, the lawsuits allege negligence, invasion of privacy and unjust enrichment for failing to properly protect clients’ information.

The personal information of clients was compromised due to Morgan Stanley’s “negligent and/or careless acts and omissions and the failure to protect customers’ data,” according to the July 31 lawsuit. “In addition to Morgan Stanley’s failure to prevent the data breach, defendant failed to detect the data breach for years, and when they did discover the data breach, it took them over a year, possibly longer, to report it to the affected individuals and the states’ attorneys general.”

The lawsuits ask the court to compel Morgan Stanley to use “appropriate cyber security methods and policies with respect to [personally identifiable information] collection, storage, protection and disposal,” among other actions.

Morgan Stanley has not filed a response in court. The company declined to comment to E-Scrap News on the legal actions.

Industry responds with takeaways and lessons

The case has generated interest within the ITAD and data security fields, specifically as an example highlighting the importance of proper data management practices.

Kyle Marks, CEO of Retire-IT, wrote that the plaintiffs in the lawsuits will be eager to demonstrate that Morgan Stanley ignored certain obligations. And they’ll be seeking to bring to light more specifics about the data security incidents.

“Naturally, we should expect plaintiffs to ask, how do we know only a ‘small’ number of servers is missing?” wrote Marks, whose company connects ITAD clients with processors. Marks frequently writes about concerns over data security practices within the ITAD sector.

Bob Johnson of the National Association for Information Destruction (NAID) wrote that the Morgan Stanley case highlights the risk for all ITAD clients of past careless asset disposal practices. NAID provides certification for data destruction firms.

“There is no statute of limitation on future data breaches,” Johnson wrote. “If a hard drive turns up five or 10 years down the road with personal information on it, it is still a data breach plain and simple. Ignoring missing or improperly wiped electronic media today simply means there are a bunch of time bombs floating around.”

He commended Morgan Stanley for disclosing the data breach, noting that the cost of not reporting a discovered breach can be far higher than doing so. And he offered some takeaways for companies based on the Morgan Stanley situation.

“Going forward, organizations need to do better,” Johnson wrote. “They need to be sure 1) they are accounting for IT equipment from the moment it is acquired to the point it is finally disposed, and, 2) elevate the selection criteria, operating criteria, monitoring procedures, and contracts of IT asset disposal services they use.”
 

Tags: Data SecurityLegal
TweetShare
Colin Staub

Colin Staub

Colin Staub was a reporter and associate editor at Resource Recycling until August 2025.

Related Posts

Tzvika Shahaf of Blancco

Blancco names new SVP of product strategy

byDavid Daoud
June 17, 2026

At the same time the data erasure landscape is undergoing a major shift.

Recycler cites market pressure in short-term closure

AI, data anxiety push enterprises to destroy working devices: report

byDavid Daoud
May 19, 2026

Blancco’s 2026 State of Data Sanitization Report dropped today—here’s what you need to know.

Paladin adds ICT in Ireland, deepening Europe ITAD push

byScott Snowden
April 7, 2026

Paladin has acquired Ireland-based ICT, adding on-site shredding and expanding its European ITAD footprint as it builds out secure in-region...

ExxonMobil files suit against California AG for defamation

Legal issues continue for canceled Pennsylvania project 

byAntoinette Smith
March 13, 2026

A Pennsylvania engineering consultancy is seeking to impose sanctions on chemical recycler Encina for work relating to a project in...

ERI sues Revivn alleging raid on staff and trade secrets

ERI sues Revivn alleging raid on staff and trade secrets

byScott Snowden
March 10, 2026

ERI has filed a lawsuit against Revivn in New York Supreme Court alleging trade secret theft and a coordinated effort...

Texas sues over dumped wind turbine blades

Texas sues over dumped wind turbine blades

byScott Snowden
February 10, 2026

The state attorney general sued Global Fiberglass Solutions over alleged illegal storage and disposal of all turbine blades at two...

Load More
Next Post

Letter from California: Recycling initiative seeks input

More Posts

Tiger Group offers OCC pulp mill equipment sale

Tiger Group offers OCC pulp mill equipment sale

June 23, 2026

Reworld reports increased e-scrap volumes

June 18, 2026
Closeup of a printed circuitboard

Hardware demand puts new focus on parts harvesting

June 5, 2026
Analysts detail uncertainty for recycled plastics

Analysts detail uncertainty for recycled plastics

April 2, 2025
Recycling startups ink deals with virgin plastics makers

Recycling startups ink deals with virgin plastics makers

May 4, 2018

EPR bill in Colorado signed while New York bills fail

June 7, 2022
Li-ion batteries collected for recycling

Lithium-ion battery recycler to build New York facility

September 22, 2020
Tzvika Shahaf of Blancco

Blancco names new SVP of product strategy

June 17, 2026
Report finds increase in cell phone trade-ins

Report finds increase in cell phone trade-ins

June 17, 2026
IT security driving plans, reshaping budgets

Study cuts projected AI server e-waste by 90%

June 16, 2026
Load More

About & Publications

About Us

Staff

Archive

Magazine

Work With Us

Advertise
Jobs
Contact
Terms and Privacy

Newsletter

Get the latest recycling news and analysis delivered to your inbox every week. Stay ahead on industry trends, policy updates, and insights from programs, processors, and innovators.

Subscribe

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • The Latest
  • Analysis
  • Recycling
  • E-Scrap
  • Plastics
  • Policy Now
  • Conferences
    • E-Scrap Conference
    • Plastics Recycling Conference
    • Resource Recycling Conference
    • Textiles Recovery Summit
  • Magazine
  • About Us
  • Advertise
  • Archive
  • Jobs
  • Staff
Subscribe
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.