Image

“A likely third-party hack of Marsh’s personal server resulted in portions of the confidential data being posted on the Internet with offers to sell larger quantities,” the SEC said.In a separate SEC order, Marsh was barred from the industry for five years. In December, he was criminally convicted for the breach and was sentenced to three years probation, and ordered to pay $600,000 in restitution. Marsh reportedly conducted about 6,000 unauthorized researches on the bank’s computer system, taking client names, addresses and phone numbers, as well as account numbers, fixed-income investment information and account values. Although the bank did not admit or deny the offense, Morgan Stanley spokesman Jim Wiggins told Bloomberg the firm is pleased to settle the matter. Wiggins added the bank “worked quickly to protect affected clients by changing account numbers and offering credit monitoring and identity theft protection services.”