Some criminals just can’t catch a break, or at least that’s the thinking of a former Morgan Stanley financial advisor’s defense attorney.
Galen Marsh, who entered a guilty plea this week in connection with charges of stealing confidential client information from work and loading it onto his home computer, at least claims that he’s not responsible for the infamous breach that caused the data for around 900 clients’ accounts to be leaked online on a black market website. According to Marsh’s attorney, Robert Gottlieb, the defendant agrees that he stole around 730,000 individual records, but that he was not responsible for posting a small cache of those records on hacking website Pastebin.
Gottlieb insists that an outsider hacker either breached Morgan Stanley’s computers or Marsh’s home computer, but that the former financial advisor did not post the information or attempt to sell it. However, when he was asked why the defendant took the information in the first place, Gottlieb refused to answer. If the goal wasn’t to turn a quick profit—which actually sounds plausible considering the fact that Morgan Stanley asserts no Social Security numbers or account passwords were exposed, meaning identity theft and account fraud weren’t feasible from the information that was leaked—then why?
One cybersecurity expert has already weighed in on the possibility of revenge against Morgan Stanley as a motive, which is plausible due to the embarrassment and expense data breaches can bring. Still other speculation involves the fact that Marsh was in talks with two different competing companies at the time he took the records; his actions may have been something as simple as the hope of bringing existing clients with him to a new company, or could go deeper into corporate espionage by providing information on clients to competitors.
Whatever the motive for taking the records in the first place, authorities are still focused on a connection between Marsh and the leaked information online, despite agreeing that their investigation also includes possible outside hacking. Is it possible that Marsh simply stole the information and then had the misfortune of having his theft discovered while investigators examined a separate, coincidental large-scale data breach? Yes, and that’s why his attorney maintains that he had no intention or participation in the information being discovered on Pastebin.
While Gottlieb has openly stated that he hopes there is no jail time as a result of his client’s guilty plea, Marsh has agreed as part of the deal that he will not appeal any sentence that involves up to 37 months in jail.