Couple Blames Morgan Stanley for ‘A Lifetime Risk of Identity Theft’

August 19, 2020

Two more former Morgan Stanley clients have brought a class action against the wirehouse tied to data breaches dating back to 2016, according to news reports.

Former client Midori Nelson and her husband John Nelson claim the firm was negligent in protecting their personal information, FA-IQ sister publication FundFire writes, citing a suit filed before the U.S. District Court for the Southern District of New York. 

The suit is related to data breaches dating back to 2016, when Morgan Stanley shut down two data centers and decommissioned their computer equipment, hiring a third-party firm to wipe customer data. But the firm later learned that the devices still held unencrypted data — and that those devices are now missing, according to a July 2020 notice from the firm to clients enclosed in the latest lawsuit, FundFire writes. The notice was also included in lawsuits filed previously. 

The firm also said that disconnected servers at several branches likewise contained unencrypted data because of a software error in 2019, according to the suits. 

Midori Nelson had an individual retirement account with Morgan Stanley, with her husband listed as her beneficiary, from 2000 to 2003, FundFire writes. Their suit claims that they and other Morgan Stanley customers “face a lifetime risk of identity theft, which is heightened here by the loss of customers’ Social Security numbers,” according to the suit cited by the publication.

Furthermore, the Nelsons — much like the plaintiffs in earlier suits — claim that the two years of credit monitoring that Morgan Stanley offered them was inadequate, FundFire writes. 

A Morgan Stanley spokesperson says the company has “continuously monitored the situation and [has] not detected any unauthorized activity related to the matter, nor access to or misuse of personal client data,” according to the publication.

In all, Morgan Stanley is facing at least six lawsuits related to the data breaches, all filed in the Southern District of New York by residents of New York, California and other states, according to court documents.

Martin Behar, who had a brokerage account with the firm from 2013 to 2015, claims in his suit that the company left him vulnerable to fraudsters intent on stealing his personal information to sell on the dark web or make tfraudulent purchases. 

Richard Grossman, who has an active account with the firm, and Howard Katz, whose account is no longer active, filed suit accusing the firm of failing to protect their personal information and to alert them to the breach in a timely manner. And several residents of California, New York, Florida and Illinois, including one existing and three former Morgan Stanley clients, made similar allegations in a separate suit. 

In 2016, the SEC fined Morgan Stanley $1 million for failing to have federally mandated policies and procedures guarding customer information, as reported.

Do you have a news tip you’d like to share with FA-IQ? Email us at

By Alex Padalka
  • To read the FundFire article cited in this story, click here if you have a paid subscription.