×

How Morgan Stanley clients can protect themselves

A pedestrian walks by Morgan Stanley headquarters in New York.
Getty Images
A pedestrian walks by Morgan Stanley headquarters in New York.

By now, consumers are well aware of the risks of having their credit card number or email address captured in a data breach. As some Morgan Stanley clients are finding out, having a brokerage account number stolen represents a different kind of headache.

Morgan Stanley said Monday that it had terminated an employee for misappropriating wealth management client data. The financial services firm, which is the second-largest wealth manager in the country, said in a statement that partial account information for up to 10 percent of its wealth management clients, or about 350,000 people, was stolen. And data for about 900 clients—including names, account numbers, phone numbers and asset valueswere briefly posted online.

Read More Morgan Stanley: An employee stole partial client data

"There is no evidence of any economic loss to any client," the firm said. Data stolen did not include Social Security numbers or account passwords. As a precaution, Morgan Stanley is giving affected account holders new account numbers, and implementing fraud monitoring and other security enhancements to the accounts.

Still, it's a breach requiring quick action and ongoing scrutiny on the part of those affected. "There are a number of concerns there, but not the typical identity theft ones," said Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse.

The big one: Targeted phishing calls and emails. "To the extent the breach may have revealed contact information for those individuals, they might become targets by scammers who know that they are wealthy," said Stephens.

His recommendation: Don't give out sensitive information over the phone or via email to anyone claiming to be from Morgan Stanley, and don't respond directly to emails from addresses you don't recognize or click on links in them. (That's good advice in general, given the proliferation of phishing attacks in recent years.)

Read MoreWatch out for these big changes to your credit cards

Anyone who's affected by a breach like this should also request that their account number be changed if it hasn't been already. Even though passwords weren't part of this leak, it's still a good idea to change them if you're using something that might be easily guessable, said Linda Sherry, director of national priorities for advocacy group Consumer-Action.org.

Direct financial losses are less likely. There's no government-mandated fraud protection for brokerage accounts as there is for credit cards or checking accounts, and the Securities Investor Protection Corporation, which protects against the loss of securities at member firms, doesn't step in when accounts are hacked. However, most asset management firms, including Morgan Stanley, have policies pledging to reimburse clients for losses due to unauthorized account access.

The breach could still create temporary hassles if, armed with an account number and the account holder's name and contact information, a fraudster manages to initiate a wire transfer, said Stephens. "The issue becomes, what are the verification questions Morgan Stanley might ask beyond that information," he said, "and how easily that information is findable online."