An irreverent Wall Street Blog
UPDATE: Bank Employee Charged With Illegal Access Of 730,000 Accounts
December 24, 2015
This is an UPDATE of "Bank
Employee Charged With Illegal Access Of 730,000 Accounts"
(BrokeAndBroker.com Blog, October 7, 2015).When we provide our
confidential information to a bank, we hope that it's kept safe.
Notwithstanding our hopes, however, the headlines are filled with stories about
identity theft and hacking -- and it's not a problem likely to go away any time
soon. Recently, the Feds charged another financial services industry employee
with taking wrongly taking information pertaining to hundreds of thousands of
accounts.
Case In Point
On September 21, 2015, Galen Marsh, 31, Hoboken, NJ, pled guilty to
one count of unauthorized access to a computer in the Southern District of New
York. A criminal Information charged
Marsh with having obtained confidential client information from his employer,
which is characterized in Department of Justice press releases only as "a
multinational investment bank and financial services company headquartered in
Manhattan (the "Bank")." About 730,000 accounts were invaded
pursuant to Marsh's scheme.
SIDE BAR: Although not disclosed in the Information or Department of Justice press releases, online records at FINRA's BrokerCheck as of October 7, 2015, disclose that on January 2, 2015, Morgan Stanley "Discharged" Galen J. Marsh based upon allegations that:
MR. MARSH WAS DISCHARGED FOLLOWING ALLEGATIONS THAT ACCUSED HIM OF REMOVING CERTAIN CONFIDENTIAL CLIENT ACCOUNT INFORMATION FROM THE FIRM WITHOUT AUTHORIZATION
As detailed in the Information, Marsh was
initially employed by the Bank as a Customer Service Associate ("CSA") and
thereafter as a Financial
Advisor ("FA") - and he was assigned to specific Groups
tasked with servicing specified accounts.. In his CSA and FA capacities, he
provided financial services to certain private wealth management clients. The
Bank, maintained on its computer systems information that included the private
wealth clients' fixed income holdings and the revenue generated and value of
each account.
The Information asserts that although Marsh was authorized to
access such information with respect to private wealth management clients
within his assigned Group, he was generally prohibited from accessing the
computer system regarding accounts outside his Group. Each computer system
access required the input of unique user Identification Numbers to access his
Group's account information.
The Information alleges that starting around June 2011 through
about December 2014, Marsh accessed the Bank's computer systems about 4,000
times in an unauthorized fashion in order to obtain confidential information
about accounts serviced outside his Groups. This was accomplished by using
Identification Numbers not designated for his Groups' use. Having improperly
accessed some 730,000 accounts, Marsh purported uploaded the confidential
information to a personal server at his home. Marsh purportedly used the
information:
for his personal advantage as a private wealth management advisor at the Bank. In addition, from at least in or about October 2013 through in or about December 2014, MARSH was engaged in discussions regarding potential employment with two other financial institutions that are competitors of the Bank.
UPDATE
On December 22, 2015, Marsh was sentenced to three years probation and was ordered to pay $600,000 in restitution and to forfeit certain computer hardware that he used in the commission of the offense.