U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Morgan Stanley discloses data breach after the hack of a third-party vendor

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor. Investment banking firm Morgan Stanley has disclosed a data breach after threat actors have compromised the Accellion FTA server of the third-party vendor Guidehouse. The company has offices in more than […]

Morgan Stanley

The Morgan Stanley logo is displayed on its Times Square building, Tuesday, Oct. 18, 2011 in New York. Morgan Stanley said Wednesday, Oct. 19, 2011, it earned $2.2 billion in the third quarter, largely on accounting gains and increased investment banking revenue. (AP Photo/Mark Lennihan)

The American multinational investment bank and financial services firm Morgan Stanley discloses a data breach caused by the hack of an Accellion FTA server of a third-party vendor.

Investment banking firm Morgan Stanley has disclosed a data breach after threat actors have compromised the Accellion FTA server of the third-party vendor Guidehouse.

The company has offices in more than 42 countries and more than 60,000 employees, it has clients in multiple industries.

Guidehouse provides account maintenance services to Morgan Stanley’s StockPlan Connect business, hackers breached its Accellion FTA server and stole information belonging to Morgan Stanley stock plan participants.

The security breach was first reported by BleepingComputer that also shared a copy of the data breach notification letter sent to the impacted customers.

“On May 20, 2021, Morgan Stanley was notified by Guidehouse, a vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business, that it had suffered an information security incident. Guidehouse advised us that data that it maintained for Morgan Stanley had been accessed through the Accellion FTA vulnerability.” reads the letter. “Specifically, Morgan Stanley documents in the possession of Guidehouse containing the personal information of StockPlan Connect participants, including participants in New Hampshire, were obtained by an unauthorized individual.”

The provider notified Morgan Stanley in May 2021 that hackers compromised its FTA install back in January by exploiting a zero-day vulnerability later addressed by the vendor.

The hack of the FTA server took place in March, but the hacker had access to the data of Morgan Stanley customers in May. The participant information accessed by the hackers included name; address (last known address); date of birth; Social Security number (if the participant had one); and corporate company name. The company pointed out that exposed files did not contain passwords that could be used to access financial accounts.

The stolen files were stored in encrypted form on the compromised Guidehouse Accellion FTA server, but the attackers were also able to obtain the key to decrypt it.

At the time of this writing, the investment banking firm has no evidence that hackers have abused stolen info or disseminated it online. Morgan Stanley pointed out that its systems were not breached by the threat actors.

“There was no data security breach of any Morgan Stanley applications,” continues the letter. “The incident involves files which were in Guidehouse’s possession, including encrypted files from Morgan Stanley.”

In February, security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11.

The wave of attacks began in mid-December 2020, threat actors exploited multiple zero-day vulnerabilities in the Accellion File Transfer Appliance (FTA) software to deploy a shell dubbed DEWMODE on the target networks.

The attackers exfiltrate sensitive data from the target systems and then published it on the CLOP ransomware gang’s leak site.

It has been estimated that the group has targeted approximately 100 companies across the world between December and January. 

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]