Morgan Stanley has disclosed that some of its corporate customers had their data stolen following a data breach at a third-party vendor.

The data breach involved Guidehouse Inc., a company that provides account maintenance services to Morgan Stanley’s Stock Plan Connect Business.The data stolen included client names, addresses, date of birth and corporate company names.

The attack vector involved hackers exploiting a vulnerability in software from Accellion Inc. used by Guidehouse. The form of attack was not disclosed, previous Accellion FTA-related attacks have involved the Clop ransomware gang.

Guidehouse claims that they have found no evidence that the stolen data has been distributed online. That said, in previous Clop attacks, stolen data has been published on the dark web, a shady corner of the internet reachable with special software. A person familiar with the matter told Reuters that the bank is monitoring the dark web for any evidence of client information be posted.

The PII of Morgan Stanley’s customers was encrypted, the information was stored on third-party partner’s servers that were breached and the encryption key to decrypt those files was also stolen.

Although there is no evidence of the stolen data making its way onto the dark web as yet, Chenette believes it is highly likely that it will end up for sale.

Organizations must take proactive approaches to protect their data and be extra vigilant in testing the security controls protecting organizational encryption keys. This should include mapping organizational capabilities and security controls to specific attack scenarios to measure their preparedness to detect, prevent and respond to these threats.