In mid-December, a posting appeared on the Internet site Pastebin offering six million account records, including passwords and login data for clients of Morgan Stanley, the New York Times reported today. Two weeks later, a new posting on the information-sharing site offered a teaser of actual records from 1,200 accounts, and provided a link for people interested in purchasing more. The link pointed to a website that sells digital files for virtual currencies like Bitcoin. In this case, the files were being sold for a more obscure currency, Speedcoin. The offer was quickly taken down the same day, Dec. 27, after Morgan Stanley discovered the leak. In short order, the bank traced the breach to a financial adviser working out of its New York offices, a 30-year-old named Galen Marsh. Marsh, who had been with Morgan Stanley since 2008, was quickly fired and is currently the subject of a criminal investigation by the Federal Bureau of Investigation. The Financial Industry Regulatory Authority is also examining the matter.
