Data Sanitization and the Forgotten Risk in IT Infrastructure
When we hear about data breaches in the news, the narrative tends to follow a familiar pattern: a system is compromised, and hackers gain access. Sensitive information belonging to thousands of individuals is stolen during peak activity, when networks are live.
However, some of the most damaging data breaches don’t happen when systems are fully operational, but rather when they are shut down.
A recent, noteworthy case comes from Morgan Stanley, the financial corporation whose data exposure did not originate from a sophisticated cyberattack but rather from the retirement of its aging infrastructure. The incident highlighted a risk that receives far less attention than it should, for it revealed the potential dangers to data when the environments designed to protect it are dismantled carelessly.
As organizations evolve and technology advances, data center decommissioning has become a critical yet often overlooked process of IT management. Making sure that sensitive data is thoroughly sanitized before dismantling infrastructure is fundamental to protecting against inadvertent breaches.
What the Morgan Stanley Case Revealed
In the late 2010s, Morgan Stanley began retiring data center assets as part of routine infrastructure updates. Large volumes of hardware, including servers and storage devices, were removed and entrusted to a third-party vendor for disposal.
The problem wasn’t inadequate network security, but that the storage media containing sensitive client data was not properly sanitized before leaving the bank’s controlled environment. Some devices were resold, others simply went missing, leaving intact data that should have been rendered unreadable.
The exposed information was far from trivial: it included addresses, Social Security numbers, and other personal identifiers of millions of clients. This data doesn’t lose its value over time; it can be exploited years later through identity theft, financial fraud, and damaged credit histories, causing lasting harm to individuals who may remain unaware.
Regulators ultimately concluded that Morgan Stanley had failed to maintain adequate oversight of its data-disposal practices, resulting in heavy fines and settlements. But what makes this case striking is how ordinary it was. It involved no breach in the conventional sense and no dramatic intrusion. It was just data left behind at the end of a system’s life.
Why Data Breaches Occur
Incidents like this usually come from common assumptions that surface during infrastructure transitions.
One misconception is that once data migration is complete, legacy storage devices are harmless. Additionally, organizations often downplay disposal, treating it as an administrative task rather than a security-critical event. This mindset is compounded by the fact that responsibility is often split across teams and vendors, making it easy for clear accountability to slip through the cracks.
While many organizations invest heavily in protecting data during active use, they frequently neglect it once systems are decommissioned. As soon as the infrastructure is powered off, monitoring diminishes, security measures are relaxed, and unchecked assumptions take the place of diligent verification.
In other words, the risk doesn’t disappear when activity stops; it simply changes form.
Why Data Sanitization Is Nonnegotiable
At its core, data sanitization is a deliberate, verifiable process to permanently remove data so it cannot be recovered, reused, or reconstructed.
Sanitization goes beyond simply deleting files or decommissioning software. It demands more than just turning off a server or moving workloads. The primary goal is to guarantee that the physical media itself (hard drives, solid-state drives, tapes) no longer contains any accessible data.
This process is vital whenever storage devices leave their original security ecosystem, such as during equipment retirement, resale, recycling, or transfer to third parties. In these situations, assumptions about data safety are risky, and the only meaningful safeguard is proof that data has been irreversibly removed.
How the Process Unfolds
Proper data sanitization follows a controlled sequence of steps to ensure effectiveness.
It begins with identifying all assets that harbor data, including backup media and components that are easy to overlook. The next step is choosing suitable methods based on the type of media involved, as techniques suitable for traditional hard drives may not work for solid-state storage.
Crucially, the process doesn’t end with execution. Verification is equally important. Sanitization must be confirmed, documented, and traceable to specific assets. This documentation enables organizations to demonstrate compliance, maintain chains of custody, and ensure that responsibility does not dissolve once hardware leaves the facility.
Only after these steps are complete can equipment be safely reused, recycled, or destroyed.
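An added example (not from the original article) of the release check this sequence implies: it reconciles an asset inventory against sanitization records and holds any device that has no record, used a method not accepted for its media type, or was never verified. The accepted-method table, the record fields and the sample serials are assumptions made for illustration.

```python
from dataclasses import dataclass

# Illustrative policy (an assumption, not from the article). Overwrite and
# degauss are not accepted for SSDs: flash remaps blocks and is not magnetic.
ACCEPTED = {
    "hdd": {"overwrite", "degauss", "shred"},
    "ssd": {"crypto_erase", "shred"},
    "tape": {"degauss", "shred"},
}

@dataclass(frozen=True)
class Record:
    serial: str
    method: str
    verified_by: str  # empty string means no verification was recorded

def release_gate(inventory, records):
    """Return {serial: reason} for every asset that must NOT leave the facility."""
    by_serial = {}
    for r in records:
        by_serial.setdefault(r.serial, []).append(r)
    blocked = {}
    for serial, media in inventory.items():
        recs = by_serial.get(serial, [])
        if not recs:
            blocked[serial] = "no sanitization record"
        elif media not in ACCEPTED:
            blocked[serial] = f"unknown media type {media!r}"
        elif not any(r.method in ACCEPTED[media] for r in recs):
            blocked[serial] = f"method unsuitable for {media}"
        elif not any(r.method in ACCEPTED[media] and r.verified_by for r in recs):
            blocked[serial] = "sanitization not verified"
    # A record with no matching asset means the inventory itself is incomplete.
    for serial in by_serial.keys() - inventory.keys():
        blocked[serial] = "record for asset missing from inventory"
    return blocked

# Constructed sample data (serials and operator names are made up).
INVENTORY = {"HDD-001": "hdd", "SSD-002": "ssd", "SSD-003": "ssd", "TAPE-004": "tape"}
RECORDS = [
    Record("HDD-001", "overwrite", "a.lee"),
    Record("SSD-002", "overwrite", "a.lee"),  # HDD technique applied to an SSD
    Record("SSD-003", "crypto_erase", ""),    # executed but never verified
    Record("HDD-099", "shred", "b.cho"),      # asset absent from the inventory
]

if __name__ == "__main__":
    for serial, reason in sorted(release_gate(INVENTORY, RECORDS).items()):
        print(f"HOLD {serial}: {reason}")
```

Only HDD-001 clears the gate here; every other serial is held with a reason that can be traced back to a specific asset.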
The Lasting Life of Data
The lesson of the Morgan Stanley case is not that organizations need to fear decommissioning, but rather that data outlives the systems built to contain it.
As infrastructure evolves, expands, and eventually shuts down, the greatest danger frequently lies in the data no one is actively considering anymore. Data sanitization exists to close that gap, so that whenever systems reach the end of their cycle, the information they once held does not continue to pose risks after the lights go out.
Ignoring that final phase doesn’t just expose organizations to fines or reputational harm; it also exposes real people to real-life consequences that can haunt them for years. Therefore, data sanitization should be viewed not as a technical afterthought, but as a responsibility that must be upheld until the very end.