In December 2020 and January 2021, a threat actor associated to the FIN11 cybercrime group exploited multiple vulnerabilities in Accellion’s file transfer service (FTA) to gain access to files belonging to tens of businesses. Guidehouse, which provides account maintenance services to Morgan Stanley’s StockPlan Connect business, is one of the companies impacted by the FTA incident. Morgan Stanley said in a letter sent last week to the New Hampshire Attorney General’s office that Guidehouse told them in May 2021 that certain threat actors had used Accellion FTA to gain access to Morgan Stanley documents containing personal information about StockPlan Connect members. Despite the fact that the stolen files were encrypted, Morgan Stanley claims that the attacker “was able to access the decryption key during the security event due to the Accellion FTA vulnerability.” Names, residences, birth dates, Social Security numbers, and corporate company names were among the data obtained from the stolen documents. In the letter, Morgan Stanley emphasises that “any data within these files did not contain passwords that might be utilised to access financial accounts.” Guidehouse patched their FTA instance within five days of the vendor’s security patches, but the threat actor had already hacked the service at that point. Due to the difficulty in retroactively ascertaining which files were stored in the Accellion FTA appliance when the appliance was vulnerable, the vendor finally detected the attack in March 2021 and informed Morgan Stanley two months later. The investment banking firm added, “Guidehouse has told Morgan Stanley that it discovered no evidence that Morgan Stanley’s data had been transferred beyond the threat actor.” Morgan Stanley claims that 108 people in New Hampshire were affected by the event, but the business hasn’t said how many more people were affected.