Morgan Stanley Company Cyber Security Posture
morganstanley.comMorgan Stanley (NYSE: MS) is a leading global financial services firm providing a wide range of investment banking, securities, wealth management and investment management services. With offices in 42 countries, our firm's employees serve clients worldwide including corporations, governments, institutions and individuals. We are committed to maintaining the first-class service and high standard of excellence that have always defined the firm and everything we do is guided by our five core values: Do the right thing, put clients first, lead with exceptional ideas, commit to diversity and inclusion, and give back.
Morgan Stanley Company Details
morgan-stanley
94632 employees
3465892.0
52
Financial Services
morganstanley.com
615
MOR_1576279
In-progress
Morgan Stanley Risk Score (AI oriented)Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.
Morgan Stanley Global Score.png)
Morgan Stanley Company Scoring based on AI Models
| Model Name | Date | Description | Current Score Difference | Score |
|---|---|---|---|---|
| AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Morgan Stanley Company Cyber Security News & History
| Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
|---|---|---|---|---|---|---|---|
| Morgan Stanley | Breach | 90 | 4 | 07/2021 | MOR75918422 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: Investment banking firm Morgan Stanley experienced a data breach incident after its third-party vendor Accellion FTA server was targeted in a ransomware attack. The breach compromised the personal data including names, addresses, Social security numbers, and other information of its customers and clients. Morgan Stanley along with Guidehouse investigated the incident and took further preventive steps. | |||||||
| Morgan Stanley | Breach | 85 | 4 | 1/2021 | MOR115072825 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The Maine Office of the Attorney General reported that a vendor of Morgan Stanley, Guidehouse, experienced a data breach on January 20, 2021, involving unauthorized access to personal information for approximately 116 Maine residents. The breach was discovered on May 20, 2021, and compromised information included names, addresses, dates of birth, and Social Security numbers. Affected residents are being offered 24 months of Experian IdentityWorks credit monitoring services at no charge. | |||||||
| Morgan Stanley | Breach | 85 | 4 | 7/2020 | MOR037072925 | Link | |
Rankiteo Explanation : Attack with significant impact with customers data leaksDescription: The California Office of the Attorney General reported a data breach involving Morgan Stanley on July 10, 2020. The breach history indicated potential exposure of personal information related to customer accounts due to mishandling of decommissioned equipment that may have contained unencrypted data; however, the exact breach date is not available. | |||||||
| Morgan Stanley Wealth Management | Cyber Attack | 100 | 5 | 02/2022 | MOR1341522 | Link | |
Rankiteo Explanation : Attack threatening the organization's existenceDescription: The wealth and asset management division of Morgan Stanley, Morgan Stanley Wealth Management suffered a social engineering attack. The customers were targeted as a result of vishing (aka voice phishing), a social engineering attack where scammers impersonate a trusted entity during a voice call to convince their targets into revealing sensitive information. The hackers also electronically transferred money to their own bank account by initiating payments using the Zelle payment service. Morgan Stanley immediately disabled the accounts of all customers affected by these attacks and secured its systems. | |||||||
Morgan Stanley Company Subsidiaries
Morgan Stanley (NYSE: MS) is a leading global financial services firm providing a wide range of investment banking, securities, wealth management and investment management services. With offices in 42 countries, our firm's employees serve clients worldwide including corporations, governments, institutions and individuals. We are committed to maintaining the first-class service and high standard of excellence that have always defined the firm and everything we do is guided by our five core values: Do the right thing, put clients first, lead with exceptional ideas, commit to diversity and inclusion, and give back.
Access Data Using Our API
Get company history
Rapid.png)
Morgan Stanley Cyber Security News
Exclusive: Cybersecurity provider Netskope taps Morgan Stanley for US IPO, sources say
NEW YORK, May 28 (Reuters) - Cybersecurity firm Netskope has hired Morgan Stanley (MS.N) , opens new tab to lead preparations for a U.S. initialย ...
Cybersecurity: a strategic investment in a dangerous, uncertain world
According to Grand View Research, the global cybersecurity market is projected to grow from US$245.6 billion in 2024 to US$500.7 billion by 2030ย ...
Morgan Stanley Maintains Equal-Weight Rating on Check Point Software, PT Down to $215
Morgan Stanley has revised its price target for Check Point Software Technologies Ltd. (CHKP), lowering it from $230 to $215 whileย ...
โA Safe Haven in a Volatile Marketโ: Morgan Stanley Picks 3 Top Cybersecurity Stocks to Buy
If the last few months have proven anything, it's that even a long-term bull run is still open to volatile market forces.
Morgan Stanley sees growing cybersecurity demand
Investing.com -- Morgan Stanley analysts see growing cybersecurity demand as companies face an expanding attack surface and a rising volume ofย ...
Morgan Stanley to Pay $60 Million to Settle Data-Breach Suit
(Bloomberg) -- Morgan Stanley agreed to pay $60 million to settle a class action suit by consumers claiming the firm failed to safeguard their personalย ...
Cybersecurity Netskope enlisted Morgan Stanley for IPO marking
Cybersecurity giant Netskope partners with Morgan Stanley to spearhead its upcoming U.S. IPO โ a strategic move signaling major growth andย ...
Robots are coming: Morgan Stanley updates its โHumanoid 100โ stock list
The "Humanoid 100" list tracks key enablers of physical artificial intelligence, and the additions of the two sectors reaffirm the belief that the AI transitionย ...
Morgan Stanley says 'take a breather' on CrowdStrike โ why Jim Cramer disagrees
The cybersecurity company is set up to have a strong second half of 2025.
Morgan Stanley Similar Companies
Fi360 (now Broadridge)
Fi360 is now a part of Broadridge. Broadridge Financial Solutions (NYSE: BR), a global Fintech leader with $5 billion in revenues, provides the critical infrastructure that powers investing, corporate governance, and communications to enable better financial lives. We deliver technology-driven s
The Max Group
Max Group: The Max Group is a leading Indian multi-business conglomerate with interests in the Life Insurance, Healthcare, Real Estate and Senior Living industries. In FY2019, the Group recorded consolidated revenue of Rs. 24,134 Cr. It currently has a total customer base of 9 million, around 340 o
Lincoln Financial
Lincoln Financial (NYSE: LNC) helps people to confidently plan for their version of a successful future. We focus on identifying a clear path toย financial security, with products including annuities, life insurance, group protection, and retirement plan services. ย With our 120-year track record of
Zhongzhi Enterprise Group Co., Ltd
Founded in 1995, Zhongzhi Enterprise Group ("ZEG") has headquartered in Beijing and currently has more than 10,000 employees. As China's leading asset management group, ZEG adheres to the philosophy of "Growing with Excellent Companies", and gradually develops into a diversified financial services g
Otkritie
OTKRITIE Financial Corporation is one of the most dynamic and fastest growing investment banks in Russia. The company has been operating on the stock market as a broker, asset manager, financial advisor and investment bank since 1995. OTKRITIE FC has become a trusted partner for many Russian and int
Goldman Sachs
At Goldman Sachs, we believe progress is everyoneโs business. Thatโs why we commit our people, capital and ideas to help our clients, shareholders and the communities we serve to grow. Founded in 1869, Goldman Sachs is a leading global investment banking, securities and investment management firm. H
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Morgan Stanley CyberSecurity History Information
How many cyber incidents has Morgan Stanley faced?
Total Incidents: According to Rankiteo, Morgan Stanley has faced 4 incidents in the past.
What types of cybersecurity incidents have occurred at Morgan Stanley?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.
How does Morgan Stanley detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with disabled affected customer accounts and secured systems and third party assistance with guidehouse.
Incident Details
Can you provide details on each incident?
Incident : Data Breach
Title: Morgan Stanley Data Breach
Description: The California Office of the Attorney General reported a data breach involving Morgan Stanley on July 10, 2020. The breach history indicated potential exposure of personal information related to customer accounts due to mishandling of decommissioned equipment that may have contained unencrypted data; however, the exact breach date is not available.
Date Publicly Disclosed: 2020-07-10
Type: Data Breach
Attack Vector: Mishandling of decommissioned equipment
Vulnerability Exploited: Unencrypted data on decommissioned equipment
Incident : Data Breach
Title: Guidehouse Data Breach
Description: A vendor of Morgan Stanley, Guidehouse, experienced a data breach involving unauthorized access to personal information for approximately 116 Maine residents.
Date Detected: 2021-05-20
Type: Data Breach
Attack Vector: Unauthorized Access
Incident : Social Engineering Attack
Title: Social Engineering Attack on Morgan Stanley Wealth Management
Description: Morgan Stanley Wealth Management suffered a social engineering attack where customers were targeted through vishing. Hackers impersonated a trusted entity during voice calls to obtain sensitive information and electronically transferred money using the Zelle payment service.
Type: Social Engineering Attack
Attack Vector: Vishing
Vulnerability Exploited: Human vulnerability through impersonation
Motivation: Financial gain
Incident : Data Breach
Title: Morgan Stanley Data Breach via Accellion FTA Server
Description: Morgan Stanley experienced a data breach incident after its third-party vendor Accellion FTA server was targeted in a ransomware attack. The breach compromised the personal data including names, addresses, Social Security numbers, and other information of its customers and clients. Morgan Stanley along with Guidehouse investigated the incident and took further preventive steps.
Type: Data Breach
Attack Vector: Ransomware attack via third-party vendor
Vulnerability Exploited: Accellion FTA server vulnerability
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Voice phishing and Accellion FTA server.
Impact of the Incidents
What was the impact of each incident?
Incident : Data Breach MOR037072925
Data Compromised: Personal information related to customer accounts
Incident : Data Breach MOR115072825
Data Compromised: names, addresses, dates of birth, Social Security numbers
Incident : Data Breach MOR75918422
Data Compromised: names, addresses, Social Security numbers, other information
Systems Affected: Accellion FTA server
What types of data are most commonly compromised in incidents?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal information, Personal Information, names, addresses, Social Security numbers and other information.
Which entities were affected by each incident?
Incident : Data Breach MOR115072825
Entity Type: Vendor
Industry: Financial Services
Customers Affected: 116
Incident : Social Engineering Attack MOR1341522
Entity Type: Wealth and Asset Management Division
Industry: Financial Services
Response to the Incidents
What measures were taken in response to each incident?
Incident : Social Engineering Attack MOR1341522
Containment Measures: Disabled affected customer accounts and secured systems
Incident : Data Breach MOR75918422
Third Party Assistance: Guidehouse
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through Guidehouse.
Data Breach Information
What type of data was compromised in each breach?
Incident : Data Breach MOR037072925
Type of Data Compromised: Personal information
Data Encryption: Unencrypted
Incident : Data Breach MOR115072825
Type of Data Compromised: Personal Information
Number of Records Exposed: 116
Sensitivity of Data: High
Personally Identifiable Information: True
Incident : Data Breach MOR75918422
Type of Data Compromised: names, addresses, Social Security numbers, other information
Sensitivity of Data: High
Personally Identifiable Information: True
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by disabled affected customer accounts and secured systems.
References
Where can I find more information about each incident?
Incident : Data Breach MOR037072925
Source: California Office of the Attorney General
Date Accessed: 2020-07-10
Incident : Data Breach MOR115072825
Source: Maine Office of the Attorney General
Where can stakeholders find additional resources on cybersecurity best practices?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: California Office of the Attorney GeneralDate Accessed: 2020-07-10, and Source: Maine Office of the Attorney General.
Investigation Status
What is the current status of the investigation for each incident?
Incident : Data Breach MOR75918422
Investigation Status: Investigated by Morgan Stanley and Guidehouse
Initial Access Broker
How did the initial access broker gain entry for each incident?
Incident : Social Engineering Attack MOR1341522
Entry Point: Voice phishing
High Value Targets: Customers
Data Sold on Dark Web: Customers
Incident : Data Breach MOR75918422
Entry Point: Accellion FTA server
Post-Incident Analysis
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Guidehouse.
Additional Questions
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on 2021-05-20.
What was the most recent incident publicly disclosed?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2020-07-10.
Impact of the Incidents
What was the most significant data compromised in an incident?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal information related to customer accounts, names, addresses, dates of birth, Social Security numbers, names, addresses, Social Security numbers and other information.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident was Accellion FTA server.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Guidehouse.
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Disabled affected customer accounts and secured systems.
Data Breach Information
What was the most sensitive data compromised in a breach?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personal information related to customer accounts, names, addresses, dates of birth, Social Security numbers, names, addresses, Social Security numbers and other information.
What was the number of records exposed in the most significant breach?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 116.0.
References
What is the most recent source of information about an incident?
Most Recent Source: The most recent source of information about an incident are California Office of the Attorney General and Maine Office of the Attorney General.
Investigation Status
What is the current status of the most recent investigation?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Investigated by Morgan Stanley and Guidehouse.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Voice phishing and Accellion FTA server.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
