I saw this one coming after seeing all of the headlines blaming Morgan Stanley Smith Barney for the loss of two CDs with client data. I think a lot of people interpreted Credit.com’s original reporting on the breach to mean that the CDs arrived at the state offices. But their reporting was actually a bit ambiguous as they wrote:
The company mailed the CDs containing information about investors in tax-exempt funds and bonds to the New York State Department of Taxation and Finance. It appears the package was intact when it reached the department, but by the time it arrived on the desk of its intended recipient the CDs were missing, Wiggins said.
Today, Christopher Maag reports:
Two CD-ROMs containing the private information of 34,000 investment clients of Morgan Stanley Smith Barney still have not been found, but the controversy over who’s to blame for the data breach continues to grow. In statements to Credit.com, Morgan Stanley and the New York State Department of Taxation and Finance blame each other for the mess.
“We were notified by the state that the package appeared to be intact when it arrived at the facility, however the discs were not contained in it when it was given to the intended recipient” inside the department, Jim Wiggins, a spokesman for Morgan Stanley Smith Barney, told us.
Not so fast, says the state. If Morgan Stanley had bothered to encrypt the CDs before sending them, none of this would have happened. The state doesn’t know where the CDs are now, but that doesn’t mean it lost them, says Susan Burns, a spokeswoman for the tax department.
Maybe they were lost in the mail, Burns says.
“We have no information that we can use to corroborate that the two compact disks were in the envelope when it arrived at the Department,” Burns said in an email. ”We cannot determine whether the disks were lost in transit via the US Postal Service or within the Department.”
Read more on Credit.com