There’s an update in the case of fired Morgan Stanley wealth management adviser Galen Marsh, who had been accused of stealing account data on about 350,000 clients and posting some of that information for sale online.
Nate Raymond and Joseph Ax of Reuters report that Marsh pleaded guilty today to swiping more than double the amount of data Morgan Stanley had previously admitted to:
Marsh copied names, addresses, account numbers, investment information and other data for approximately 730,000 accounts, prosecutors said in court papers. While improperly accessing the client information, Marsh was in talks about landing a new job with two Morgan Stanley competitors, the documents said.
According to the Wall Street Journal, court documents indicate that Marsh
allegedly made more than 5,000 unauthorized searches of confidential client information on the firm’s computer systems using the identification numbers of other Morgan Stanley branches, groups and advisers, beginning in June 2011. He uploaded the data, which included client names, addresses, account numbers and investment information, to a personal server in his New Jersey home, the prosecutors alleged.
As to the data that were allegedly posted online for sale, Morgan Stanley had reported in January that information from about 900 clients had been posted on Pastebin, an act which they attributed to Marsh. But by February, federal authorities were pursuing the hypothesis that the data had been acquired and posted by hackers. And although Marsh pleaded guilty today to stealing the information, he denied that he ever posted data, sold it, or disclosed any of it. According to Marsh’s attorney:
“The truth is that the Internet disclosures were the result of outside hackers, and he had absolutely nothing to do with it,” Gottlieb said, adding that he is hopeful Marsh will not be sentenced to any prison time.
Read more on Business Insider.
Marsh reportedly faces up to 37 months in prison, but his attorney is hoping he won’t get any prison time.
It’s not clear at this point how the data wound up on Pastebin and on Twitter earlier this year, but one possibility is that hackers hacked Marsh’s personal server to which he had transferred the data.