A fired Morgan Stanley financial adviser accused of stealing client data never intended to sell the information and "is extremely sorry for his conduct," his lawyer said.
Galen Marsh, 30, "acknowledged that he should not have obtained the account information and has been cooperating with Morgan Stanley to protect the firm and its customers," his lawyer, Robert C. Gottlieb at Gottlieb & Gordon LLP, said today in a phone interview.
Marsh, who joined the bank in 2008 and worked in New York, was dismissed last week, said a person briefed on the matter who asked not to be identified discussing an investigation.
Client information for as many as 350,000 wealth-management clients was stolen. The firm alerted law enforcement and found no evidence that customers lost any money, New York-based Morgan Stanley said in a statement. The bank said it detected account information for about 900 clients on an external website and "promptly" had it removed.
"Mr. Marsh did not sell nor ever intend to sell any account information whatsoever," Gottlieb said. "He did not post the information online. He did not share any account information with anyone nor use it for any financial gain. He is devastated by what has occurred and is extremely sorry for his conduct."
Marsh joined Morgan Stanley as a sales assistant and was promoted to financial adviser last year, according to the person briefed on the matter. He previously worked at Bear Stearns Cos., according to Financial Industry Regulatory Authority records.
The bank said it's notifying all potentially affected clients, which represent about 10 percent of its wealth- management customers, and enhancing security on those accounts. The Federal Bureau of Investigation's New York office is investigating the incident, according to a person familiar with the matter.
"Morgan Stanley takes extremely seriously its responsibility to safeguard client data, and is working with the appropriate authorities to conduct and conclude a thorough investigation of this incident," the company said in the statement.
The information didn't include passwords or Social Security numbers, according to the statement. Bank account and credit- card data also weren't compromised, according to a person briefed on the bank's investigation.
The inquiry found the employee may have been seeking to sell the stolen information, though there was no evidence any third party received it, the person said. The firm has disabled the application used to access the data, the person said.
Regulators are pushing banks to be more vigilant about and hold capital against so-called operational risk, potential harm to a firm's business or reputation from human error, external threats, fraud and litigation. A hacking attack against JPMorgan Chase & Co. last year compromised personal information of about 76 million households.
In 2011, Morgan Stanley's brokerage unit said unencrypted compact discs containing tax information for 34,000 clients were lost in transit to the New York State Department of Taxation and Finance. The firm said at the time it found no evidence the data was misused.
Morgan Stanley fell 3.1 percent to $37.50 in New York, the most since October.