Resource Recycling
  • The Latest
  • Analysis
    • All
    • Certification Scorecard
    • Industry Announcements
    • Opinion
    Top stories from March 2025

    3 factors force e-scrap processing onshore

    Data center boom sets up ITAD growth

    Certification Scorecard — Week of June 15, 2026

    Tzvika Shahaf of Blancco

    Blancco names new SVP of product strategy

    IT security driving plans, reshaping budgets

    Study cuts projected AI server e-waste by 90%

    A call to action: End markets and EPR

    A call to action: End markets and EPR

  • Conferences
    • Resource Recycling Conference
    • Plastics Recycling Conference
    • E-Scrap: The Longevity Conference
    • Textiles Recovery Summit
  • Publications
    • E-Scrap News
    • Plastics Recycling Update
    • Policy Now
    • Resource Recycling
    • Other Topics
      • All Topics
      • Brand Owners
      • Critical Minerals
      • Glass
      • Grant Watch / RFPs
      • Markets
      • Organics
      • Packaging
      • Research
      • Technology
      • Textiles
Subscribe
No Result
View All Result
Resource Recycling
  • The Latest
  • Analysis
    • All
    • Certification Scorecard
    • Industry Announcements
    • Opinion
    Top stories from March 2025

    3 factors force e-scrap processing onshore

    Data center boom sets up ITAD growth

    Certification Scorecard — Week of June 15, 2026

    Tzvika Shahaf of Blancco

    Blancco names new SVP of product strategy

    IT security driving plans, reshaping budgets

    Study cuts projected AI server e-waste by 90%

    A call to action: End markets and EPR

    A call to action: End markets and EPR

  • Conferences
    • Resource Recycling Conference
    • Plastics Recycling Conference
    • E-Scrap: The Longevity Conference
    • Textiles Recovery Summit
  • Publications
    • E-Scrap News
    • Plastics Recycling Update
    • Policy Now
    • Resource Recycling
    • Other Topics
      • All Topics
      • Brand Owners
      • Critical Minerals
      • Glass
      • Grant Watch / RFPs
      • Markets
      • Organics
      • Packaging
      • Research
      • Technology
      • Textiles
Subscribe
No Result
View All Result
Resource Recycling
No Result
View All Result
Home E-Scrap

Morgan Stanley ‘ignored industry standards’ in data breach

Colin StaubbyColin Staub
September 23, 2021
in E-Scrap
Data center drive removal.
Lawyers allege a Morgan Stanley vice president was fired as a result of data mismanagement during an ITAD job. | Kjetil Kolbjornsrud / Shutterstock

Financial services giant Morgan Stanley terminated a contract with its long-standing IT asset disposition vendor to save money prior to a botched data center decommissioning job in 2016, lawyers alleged in court this month.

Lawyers representing consumers in a class action complaint against Morgan Stanley on Sept. 15 filed a response to the company’s recent request that the lawsuit be dismissed. In the response, the lawyers offered more details about the circumstances of Morgan Stanley’s multiple ITAD incidents that resulted in data mismanagement.

The data breach case came to light in July 2020 when Morgan Stanley alerted consumers that their personal data had the potential to be compromised. The data security concerns stem from ITAD jobs Morgan Stanley hired out in 2016 and 2019.

A handful of class action lawsuits quickly followed, as did a $60 million fine from the federal government.

Last month, Morgan Stanley responded to the complaint in court, asking the judge to dismiss the case and naming the asset disposition vendor that failed to properly wipe devices during the job.

The latest response offers additional context, as well as numerous allegations of negligence on Morgan Stanley’s part.

Attorneys for Morgan Stanley have not yet responded in court but are scheduled to before Sept. 29, according to a court timeline. A Morgan Stanley spokesperson told E-Scrap News the company continues to dispute the allegations by plaintiffs.

“We have continuously monitored the situation and have not detected any unauthorized access to, or misuse of, personal client information,” the spokesperson noted in a written statement. “We continue to vigorously defend against these claims.”

Data center job handled by ‘non-ITAD vendor’

According to the plaintiffs in the class action case, the 2016 data center incident was a direct result of Morgan Stanley changing vendors to save money.

“The 2016 incident was precipitated by Morgan Stanley’s profit-driven decisions to … terminate a contract with its long-standing vendor IBM for the decommissioning, wiping and destruction of computer equipment; hire a local moving company with no [ITAD] experience to do the job; and fail to supervise the project,” the lawyers wrote in this month’s filing.

The financial services company “ignored industry standards, electing instead to save approximately $100,000 by selecting a non-ITAD vendor for the job, and choosing the ‘poor man’s wipe’ when decommissioning the equipment, which IBM, Morgan Stanley, and others knew would leave unencrypted data intact on the equipment,” they added.

They went on to note Morgan Stanley “pressed to make decommissioning assets a ‘profit center,’ attempting to cut costs at every corner.” The claim also indicates a Morgan Stanley vice president involved in overseeing the project was terminated due to the incident.

Morgan Stanley in August identified its vendor as Triple Crown but did not offer any other details about the firm. E-Scrap News at the time contacted a New York City moving company by that name and the company declined to comment. The latest filing confirms the vendor was a moving company, and it adds that the company was hired to decommission more than 4,900 devices.

Triple Crown worked with AnythingIT (which the plaintiff attorneys interchangeably refer to as “WeedHire,” a company that was at the time operated by AnythingIT). The attorneys noted AnythingIT was “the company that was ostensibly to sanitize the equipment.”

AnythingIT in August told E-Scrap News it was not hired to perform any data destruction services, noting it simply purchased and resold retired devices from Triple Crown.

Record-keeping issues and data breach management

Morgan Stanley previously acknowledged in court that the 2016 case came to light after an individual bought used equipment on an e-commerce platform and found Morgan Stanley data retained on the equipment.

The plaintiffs now allege that the financial firm did not immediately ask the buyer to stop using the equipment or arrange to inspect or retrieve it. Instead, they say, Morgan Stanley “simply asked him to overwrite the data to destroy any evidence of its disclosure.”

Plaintiff lawyers claimed in the recent filing Morgan Stanley paid the buyer $40,000 and had him sign a non-disclosure agreement. And they noted this individual situation is just one of many potential instances of equipment from the 2016 data center decommissioning leaving private data vulnerable.

“Thousands of additional pieces of IT equipment containing unencrypted Morgan Stanley client [personally identifiable information] that were sold on the internet remain in the hands of other third party purchasers, who have the skills that enable them to access” the data, the plaintiffs stated.

There were also alleged lapses in Morgan Stanley’s internal record-keeping tracking retired assets.

The plaintiff lawyers alleged the Morgan Stanley vice president who was fired “admitted to his colleagues that Morgan Stanley had used asset inventory control software to track decommissioned devices … early in the project, but then stopped doing so.”

“As a result, Morgan Stanley had no internal records to verify the disposition of its decommissioned IT assets,” the lawyers wrote.

The filing says records were similarly missing after the 2019 data incident, which occurred after Morgan Stanley retired “Wide Area Application Services” devices from local branch offices as part of a hardware refresh program.

Some of these servers were not properly sanitized before being transferred to a third party, which is not named in the filing.

“Morgan Stanley again failed to follow proper chain of custody procedures, and thus did not discover until February 2020 that it was unable to account for numerous devices,” according to the filing.
Ousei

Tags: Data SecurityLegal
TweetShare
Colin Staub

Colin Staub

Colin Staub was a reporter and associate editor at Resource Recycling until August 2025.

Related Posts

Tzvika Shahaf of Blancco

Blancco names new SVP of product strategy

byDavid Daoud
June 17, 2026

At the same time the data erasure landscape is undergoing a major shift.

Recycler cites market pressure in short-term closure

AI, data anxiety push enterprises to destroy working devices: report

byDavid Daoud
May 19, 2026

Blancco’s 2026 State of Data Sanitization Report dropped today—here’s what you need to know.

Paladin adds ICT in Ireland, deepening Europe ITAD push

byScott Snowden
April 7, 2026

Paladin has acquired Ireland-based ICT, adding on-site shredding and expanding its European ITAD footprint as it builds out secure in-region...

ExxonMobil files suit against California AG for defamation

Legal issues continue for canceled Pennsylvania project 

byAntoinette Smith
March 13, 2026

A Pennsylvania engineering consultancy is seeking to impose sanctions on chemical recycler Encina for work relating to a project in...

ERI sues Revivn alleging raid on staff and trade secrets

ERI sues Revivn alleging raid on staff and trade secrets

byScott Snowden
March 10, 2026

ERI has filed a lawsuit against Revivn in New York Supreme Court alleging trade secret theft and a coordinated effort...

Texas sues over dumped wind turbine blades

Texas sues over dumped wind turbine blades

byScott Snowden
February 10, 2026

The state attorney general sued Global Fiberglass Solutions over alleged illegal storage and disposal of all turbine blades at two...

Load More
Next Post
Is plastics recycling worth it? Check the new ISRI Scrap Yearbook

First Person Perspective: Why chemical recycling of plastics is an environmental win

More Posts

Tiger Group offers OCC pulp mill equipment sale

Tiger Group offers OCC pulp mill equipment sale

June 23, 2026

Reworld reports increased e-scrap volumes

June 18, 2026
Closeup of a printed circuitboard

Hardware demand puts new focus on parts harvesting

June 5, 2026
Analysts detail uncertainty for recycled plastics

Analysts detail uncertainty for recycled plastics

April 2, 2025
Recycling startups ink deals with virgin plastics makers

Recycling startups ink deals with virgin plastics makers

May 4, 2018

EPR bill in Colorado signed while New York bills fail

June 7, 2022
Li-ion batteries collected for recycling

Lithium-ion battery recycler to build New York facility

September 22, 2020
Tzvika Shahaf of Blancco

Blancco names new SVP of product strategy

June 17, 2026
Report finds increase in cell phone trade-ins

Report finds increase in cell phone trade-ins

June 17, 2026
IT security driving plans, reshaping budgets

Study cuts projected AI server e-waste by 90%

June 16, 2026
Load More

About & Publications

About Us

Staff

Archive

Magazine

Work With Us

Advertise
Jobs
Contact
Terms and Privacy

Newsletter

Get the latest recycling news and analysis delivered to your inbox every week. Stay ahead on industry trends, policy updates, and insights from programs, processors, and innovators.

Subscribe

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • The Latest
  • Analysis
  • Recycling
  • E-Scrap
  • Plastics
  • Policy Now
  • Conferences
    • E-Scrap Conference
    • Plastics Recycling Conference
    • Resource Recycling Conference
    • Textiles Recovery Summit
  • Magazine
  • About Us
  • Advertise
  • Archive
  • Jobs
  • Staff
Subscribe
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.