A Morgan Stanley employee, Galen Marsh stole sensitive information from 350000 wealth management clients in December 2014, of which 900 client’s data was posted on Pastebin, an internet expose site with a link for interested parties to purchase more information.
http://www.morganstanley.com/about/press/articles/7f189537-f51c-40b0-a963-fc0dc6c65861.html
Protecting from external threats is relatively simple, the insider threat is much more difficult to mitigate and potentially a lot more damaging.
A robust security policy with regular employee security awareness and obligations training, allied to a well tuned data loss detection and protection is essential. Post-incident response and lessons learnt completes the cycle.