By Nate Raymond and Joseph Ax, Reuters
A former Morgan Stanley financial adviser who was fired in connection with a major breach of client information pleaded guilty on Monday to taking confidential data for hundreds of thousands of customer accounts from a bank computer without permission.
Galen Marsh, who worked in Morgan Stanley’s private wealth management division, entered the plea in federal court in Manhattan, according to court records.
The hearing came nine months after the bank announced it had fired him in connection with a data breach that resulted in account information for hundreds of clients getting published online.
Marsh copied names, addresses, account numbers, investment information and other data for approximately 730,000 accounts, prosecutors said in court papers. While improperly accessing the client information, Marsh was in talks about landing a new job with two Morgan Stanley competitors, the documents said.
In January, Morgan Stanley said up to 10 percent of its approximately 3.5 million wealth management clients were affected.
The bank said in January that information from around 900 client accounts linked to the breach was briefly posted online.
But Marsh’s attorney, Robert Gottlieb, said on Monday his client never posted, sold or disclosed any of the data he took.
The truth is that the Internet disclosures were the result of outside hackers, and he had absolutely nothing to do with it, Gottlieb said, adding that he is hopeful Marsh will not be sentenced to any prison time.
Federal authorities are continuing to investigate other aspects of the breach, a source familiar with the matter told Reuters.
According to charging documents, Marsh, who began working at Morgan Stanley as a sales assistant in 2008, uploaded the account information to his home computer in New Jersey between 2011 and 2014.
No clients lost money as a result of the breach, Morgan Stanley said on Monday.
This action, which follows Morgan Stanley’s initial investigation and reporting of his misconduct, makes clear that misuse of client account information will not be tolerated, the bank said in a statement.
Marsh’s sentencing is scheduled for Dec. 7. As part of the plea deal, he has agreed not to appeal any prison sentence of 37 months or shorter.
Todays guilty plea should send a message to those who inappropriately obtain and mishandle sensitive information that such actions may not just be improper, they can also be criminal, Federal Bureau of Investigation Assistant Director-in-Charge Diego Rodriguez said in a statement.
The case is U.S. v. Marsh, U.S. District Court for the Southern District of New York, No. 15-641.
(Editing by Alan Crosby and Jonathan Oatis)