Morgan Stanley

How to Report a Site or Security Vulnerability

Cybersecurity Issues

If you have found a cybersecurity issue or vulnerability in any of our applications, then we would like to hear from you through our responsible disclosure program.

Our responsible disclosure program is managed by our third party vendor who will review and validate cybersecurity issues within the scope of this program.

See our responsible disclosure program.

Types of issues that can be reported here:

  • Cybersecurity issues
  • Vulnerabilities
  • Improper Configurations

Type of issues that cannot be reported here:

  • Whistle-blower concerns
  • Intellectual Property
  • Confidential Morgan Stanley or Customer data
  • Complaints about Morgan Stanley services or products
  • Fraud
  • Inquiries about availability of Morgan Stanley websites or mobile services
  • Phishing attempts

Morgan Stanley does not waive any rights or claims with respect to activities that are in violation of the law or could be interpreted as such.