UPDATE: Bank Employee Charged With Illegal Access Of 730,000 Accounts

December 24, 2015

This is an UPDATE of "Bank Employee Charged With Illegal Access Of 730,000 Accounts" (BrokeAndBroker.com Blog, October 7, 2015).

When we provide our confidential information to a bank, we hope that it's kept safe. Notwithstanding our hopes, however, the headlines are filled with stories about identity theft and hacking -- and it's not a problem likely to go away any time soon. Recently, the Feds charged another financial services industry employee with taking wrongly taking information pertaining to hundreds of thousands of accounts. 

Case In Point

On September 21, 2015, Galen Marsh, 31, Hoboken, NJ, pled guilty to one count of unauthorized access to a computer in the Southern District of New York. A criminal Information charged Marsh with having obtained confidential client information from his employer, which is characterized in Department of Justice press releases only as "a multinational investment bank and financial services company headquartered in Manhattan (the "Bank")." About 730,000 accounts were invaded pursuant to Marsh's scheme.

SIDE BAR: Although not disclosed in the Information or Department of Justice press releases, online records at FINRA's BrokerCheck as of October 7, 2015, disclose that on January 2, 2015, Morgan Stanley "Discharged" Galen J. Marsh based upon allegations that:


A Group Thug?

As detailed in the Information, Marsh was initially employed by the Bank as a Customer Service Associate ("CSA") and thereafter as a Financial Advisor ("FA") - and he was assigned to specific Groups tasked with servicing specified accounts.. In his CSA and FA capacities, he provided financial services to certain private wealth management clients. The Bank, maintained on its computer systems information that included the private wealth clients' fixed income holdings and the revenue generated and value of each account. 

The Information asserts that although Marsh was authorized to access such information with respect to private wealth management clients within his assigned Group, he was generally prohibited from accessing the computer system regarding accounts outside his Group. Each computer system access required the input of unique user Identification Numbers to access his Group's account information.

The Information alleges that starting around June 2011 through about December 2014, Marsh accessed the Bank's computer systems about 4,000 times in an unauthorized fashion in order to obtain confidential information about accounts serviced outside his Groups. This was accomplished by using Identification Numbers not designated for his Groups' use. Having improperly accessed some 730,000 accounts, Marsh purported uploaded the confidential information to a personal server at his home. Marsh purportedly used the information:

for his personal advantage as a private wealth management advisor at the Bank. In addition, from at least in or about October 2013 through in or about December 2014, MARSH was engaged in discussions regarding potential employment with two other financial institutions that are competitors of the Bank.

Marsh faces a maximum of five years in prison and three years of supervised,


On December 22, 2015, Marsh was sentenced to three years probation and was ordered to pay $600,000 in restitution and to forfeit certain computer hardware that he used in the commission of the offense.