The personal data of 34,000 Morgan Stanley investment clients has been exposed, Credit.com reported July 5.
Morgan Stanley sent two letters to clients explaining that their names, addresses, account and tax identification numbers had been compromised. The income they earned on investments last year was also mixed in with the exposed data, and some clients' Social Security numbers were also exposed.
The data was stored on two compact discs, which were lost. The CDs were password protected, but the data on them was not encrypted, the article said.
The CDs were mailed to the New York State Department of Taxation and Finance to provide the department with information on clients in tax-exempt funds and bonds. Though the package appeared intact, the CDs went missing by the time it arrived at its intended recipient, the article said.
Morgan Stanley learned of the incident from the state on June 8 and spent the next two weeks tracing the path of the package in an attempt to recover the discs. It began notifying clients of the breach on June 24.