Ex-Morgan Stanley Hacker Deserves Prison Time, Prosecutors Say

  • Defendant says Russians may have later stolen data from him
  • He called data `world's best' job hunt call list, U.S. says

A former Morgan Stanley financial adviser who stole client data that he called “the world’s best cold-calling list” for his job search deserves a prison sentence for his crime, prosecutors said.

Galen Marsh, who worked in the bank’s private wealth management division, is asking a judge to spare him from prison when he is sentenced Dec. 17, saying he took the data to analyze client information from home so he could do a better job. The government says there’s no evidence of that.

After Marsh took the data, it was stolen from him and posted on the Internet.

Marsh says the bank told him Russian hackers were “suspected” of taking the information. “We do not know with certainty what happened after he stole the data,” a bank spokesman, James Wiggins, said Tuesday by e-mail.

In seeking leniency, Marsh also says he cooperated promptly with the bank and the government’s investigation of the breach.

Prosecutors say Marsh deserves a prison term of 30 to 37 months because he accessed confidential client accounts, conducted more than 5,900 searches and obtained information on about 730,000 customers when he was searching for a new job. The evidence shows Marsh never did any of the analysis he claims to have conducted, Assistant U.S. Attorney Christine Magdo said in court papers.

Predictable Harm

While prosecutors have determined Marsh’s home server was accessed by hackers, the harm to the bank was foreseeable because he took the data in the first place and put it on his home server, which was vulnerable to intrusion, Magdo said.

Confronted by superiors, Marsh admitted “the data he had taken was the world’s best cold calling list,” Magdo said, “and that he had been exploring job opportunities outside the bank.”

Despite his claim that his assistance in the investigation merits a lenient sentence, prosecutors said, it took Marsh at least six months to cooperate and since then “the government has not been able to corroborate any of the information provided by Marsh regarding alleged criminal conduct by any other individual.”  Marsh pleaded guilty Sept. 21 to gaining unauthorized access to a computer.

The case is U.S. v. Marsh, 15-cr-00641, U.S. District Court, Southern District of New York (Manhattan).

Before it's here, it's on the Bloomberg Terminal. LEARN MORE