Morgan Stanley Settles Lawsuit Over Privacy Failings

The story shines another light on how important it is for organizations such as banks and wealth managers to handle clients' financial information correctly.
Morgan Stanley has agreed to pay $60 million to settle a lawsuit by customers who said that it exposed their personal data when it twice failed to properly retire some of its older information technology, this news service can confirm.
A preliminary settlement of the proposed class action on behalf of about 15 million customers was filed on Friday night in a Manhattan federal court and requires approval by US District Judge Analisa Torres.
Customers would receive at least two years of fraud insurance coverage, and each can apply for reimbursement of up to $10,000 in out-of-pocket losses, it said. The Wall Street firm denied wrongdoing in agreeing to settle and has made "substantial" upgrades to its data security practices, according to settlement papers.
"We have previously notified all potentially impacted clients regarding these matters, which occurred several years ago, and are pleased to be resolving this related litigation," a spokesperson at Morgan Stanley told Family Wealth Report.
Customers accused the firm of having in 2016 failed to decommission two wealth management data centers before the unencrypted equipment, which still contained customer data, was resold to unauthorized third parties. They also said that some older servers containing customer data went missing after Morgan Stanley transferred them in 2019 to an outside vendor. Court papers show that Morgan Stanley later recovered the servers.
In an email on Monday, Morgan Stanley said that it had notified all customers who may have been affected and it was pleased to settle the lawsuit.
This incident is a reminder of how handling client data remains a hot issue in the North American wealth industry, and further afield. In the UK and the rest of Europe, data use is now governed by GDPR (General Data Protection Regulation), which took effect in May 2018. The US does have data protection laws, but they vary by state, with those in California deemed closest to the European model.
A report on this matter originally appeared on Reuters, Jan 3.