Hello. Morgan Stanley was fined $60 million by the Office of the Comptroller of the Currency for improper disposing of computer hardware that might have contained customer information, WSJ Pro's James Rundle reports. 

Other news: Cyberattacks in Iran; Cisco ordered to pay $1.9 billion in patent case; and Carnival cruise line reveals more about August data breach. 

Weekend reading: Social media as systemically important; Twitter privacy case in Europe drags on; employee surveillance in Europe; and U.S. cities hampered in cyber fight.

OCC fines Morgan Stanley units for data security incidents. Federal regulators have fined two business units of Morgan Stanley $60 million for data-security incidents that happened in 2016 and 2019.

The Office of the Comptroller of the Currency, which regulates Morgan Stanley Bank NA and Morgan Stanley Private Bank NA, announced the penalty on Oct. 8. In both cases, sensitive information may have been left on decommissioned hardware.

The data at risk may include Social Security numbers, asset value and holdings information, contact information and passport numbers, the bank said in July letters sent to customers and state attorneys general.

“[W]e have continuously monitored the situation and we do not believe that any of our clients’ information has been accessed or misused,” a Morgan Stanley spokesperson said.

Ensuring total data erasure from devices such as hard drives can be complicated and often requires specialist equipment.

Read the full story. 

Two Iranian government agencies hit with cyberattacks. An official at Iran's governmental Information Technology Organization said Thursday that the incidents early this week prompted a shutdown of internet services as a precaution, Reuters reports. The attacks were "large scale," the official said without providing details. 

Cisco security features infringe on Centripetal Networks patents. Cisco Systems Inc. must pay $1.9 billion to cybersecurity firm Centripetal Networks Inc. for infringing on four patents held by the private company, a U.S. District judge ordered. The judge found no infringement of a fifth patent at issue, InfoSecurity Magazine reports. Centripetal provides threat-intelligence services. Cisco must also pay Centripetal 10% of sales of certain products that use the technology in questions for the next three years and 5% of sales for three years after that. Cisco plans to appeal to the ruling. 

Carnival confirms three brands were targeted in an August data breach. Data from Carnival Cruise Line, Holland America Line and Seabourn, along with casino operations, were compromised in a cyberattack Aug. 15, Carnival Corp. said this week. "The company is working as quickly as possible to identify the guests, employees, crew and other individuals whose personal information may have been impacted," Carnival said. It didn't specify how many individuals were affected. Carnival expects to wrap up its investigation in 30 to 60 days. 

Barnes & Noble reports cyberattack. Barnes & Noble Inc. was hit with a cybersecurity attack that may have exposed some customers' personal information, a spokesman for the company said. Credit-card and financial data were not exposed, Barnes and Noble said, but attackers may have gained access to customers' email addresses, billing and shipping addresses and telephone numbers. A firm of cybersecurity consultants that Barnes & Noble engaged to evaluate the threat hasn't detected evidence of data being exposed to the attackers, Barnes & Noble said, but the company initially closed down its networks as a precaution. The spokesman said Barnes & Noble cautiously restored networks after the attack. --Matt Grossman, Dow Jones Newswires

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.