A fired Morgan Stanley financial adviser who downloaded client information to a home server to give his job search a boost was sentenced to three years’ probation for accessing the bank’s computer network without permission.
Galen Marsh, who prosecutors say called the stolen data “the world’s best cold-calling list,” had some of the data stolen from him and posted on the Internet.
Marsh took the information to advance his career and had no intention of selling it, his lawyer Robert Gottlieb told U.S. District Judge Kevin Duffy at a hearing Tuesday. The lawyer begged the judge not to send his client to prison, saying Marsh has rediscovered his faith, is volunteering at a soup kitchen and working as a consultant to a startup software company.
Appearing to hold back tears, Marsh, who faced as long as five years in prison, apologized for his actions as his father, mother and wife watched from the front row of the Manhattan courtroom. His wife is due to give birth to their daughter in six days.
"I know what I did was wrong and I’ll feel ashamed for it for the rest of my life," Marsh said. "I hope and pray I can turn this into a positive."
Duffy agreed to impose probation but warned Marsh “to expect the roof to fall in” if he violates any of the terms.
“I will hit you with everything possible,” Duffy said. “I’ll make sure you spend your time in one of the worst places I can find, either Florence or Leavenworth. God forbid you should screw up once.”
Marsh pleaded guilty in September to transferring confidential data on about 730,000 customer accounts to a private server in his home in Hoboken, New Jersey, from 2011 to 2014. Morgan Stanley has said that account data for about 900 clients was found on an external website.
Marsh worked in the bank’s private wealth-management division. The government said there was no evidence backing his claim that he took the data to analyze client information from home so he could do a better job.
Marsh has said Morgan Stanley told him Russian hackers were “suspected” of taking the information. In seeking leniency, Marsh said he cooperated promptly with the bank and the government’s investigation of the breach.
While prosecutors have determined Marsh’s private server was accessed by hackers, the harm to the bank was foreseeable because he took the data in the first place and stored it at home, which was vulnerable to intrusion, Assistant U.S. Attorney Christine Magdo said in court papers.
Confronted by superiors, Marsh admitted “the data he had taken was the world’s best cold-calling list,” Magdo said, “and that he had been exploring job opportunities outside the bank.”
The case is U.S. v. Marsh, 15-cr-00641, U.S. District Court, Southern District of New York (Manhattan).