In 2016, Morgan Stanley, an American multinational investment bank and financial services company, terminated a contract with its long-term ITAD vendor to save costs after a mismanaged data center decommissioning task in 2016.
The data breach surfaced in July 2020—Morgan Stanley notified their clients that their personal data could be potentially compromised. These data security concerns are rooted in the ITAD-related tasks that took place in 2016 and 2019.
“According to the plaintiffs in the class-action case, the 2016 data center incident was a direct result of Morgan Stanley changing vendors to save money,” (Colin Staub, E-Scrap News, 2021).
“The 2016 incident was precipitated by Morgan Stanley’s profit-driven decisions to … terminate a contract with its long-standing vendor IBM for the decommissioning, wiping and destruction of computer equipment; hire a local moving company with no [ITAD] experience to do the job; and fail to supervise the project,” the lawyers wrote in September’s filing.
The class-action case also noted that Morgan Stanley tried to cut costs wherever they could, to make decommissioning assets a treasure house.
This case is a perfect example of the negative outcomes that result from businesses that choose not to use certified ITAD companies. Saving money on ITAD is risky as it fails to follow the proper chain of custody procedures and puts consumer data at risk for a breach.
Don’t cut corners to save money—Choose Lifespan as your certified ITAD partner for your Data Center, Data Security and Destruction services to ensure you and your business are protected. Contact us today.
For more information on this topic, read the E-Scrap News article, Morgan Stanley ‘ignored industry standards’ in data breach.