
Cyber Incident Victim: Morgan Stanley

Date: Feb 2022

Location: United States of America

Summary

Morgan Stanley Wealth Management clients experienced account compromises due to social engineering attacks involving voice phishing, where threat actors impersonated the firm to obtain online account credentials. Attackers initiated unauthorized electronic fund transfers via the Zelle payment service after gaining access. The organization disabled affected accounts, implemented additional verification protocols for impacted clients, and confirmed its internal systems were not compromised in the incident. This breach followed a separate prior data exposure stemming from a third-party vendor's compromised file transfer appliance.


Description

In February 2022, Morgan Stanley Wealth Management experienced a security incident involving unauthorized access to client accounts through social engineering tactics. On or around February 11, threat actors impersonating Morgan Stanley representatives conducted vishing (voice phishing) attacks, convincing clients to disclose their Morgan Stanley Online account credentials. The attackers used this information to compromise the accounts and initiate unauthorized electronic fund transfers via the Zelle payment service. Morgan Stanley identified the breach and subsequently disabled the affected client accounts to prevent further unauthorized activity. The company confirmed the incident did not result from vulnerabilities within its own systems, stating its infrastructure remained secure throughout the event.

Impacted clients received notifications detailing the compromise timeline and mitigation measures implemented by the firm. Morgan Stanley flagged affected accounts within its Customer Call Center system, requiring additional verification steps for any future phone inquiries related to those accounts. The company reiterated that the breach stemmed solely from clients divulging credentials to malicious actors, not from any failure of Morgan Stanley's security controls. This incident followed a separate July 2021 data breach disclosed by Morgan Stanley, where the Clop ransomware gang stole customer data by exploiting a vulnerability in the Accellion FTA server of third-party vendor Guidehouse. The 2022 attack highlighted continued targeting of financial sector clients through social engineering, with direct financial consequences from fraudulent Zelle transactions. Morgan Stanley's response focused on account containment and enhanced verification protocols while maintaining that internal systems were not compromised.
