NewsBite

Online data release still puzzles

A NEW US-based Morgan Stanley financial adviser started to sift through the account records of 350,000 of the firm’s clients. Months later, some were on a website.

Morgan Stanley says it has tightened access to client database after some client records appeared on a website.

LAST northern summer, a newly minted US-based Morgan Stanley financial adviser named Galen Marsh started to sift through the account records of some 350,000 of the firm’s clients. Virtually none of them were his own.

By December, some of that account information appeared on a text-sharing website, with the offer to trade it for an obscure virtual currency.

Soon after Morgan Stanley discovered the posting, it fired the 30-year-old Mr Marsh and triggered an FBI probe into how the records ended up online.

In what some security experts are saying is likely the biggest data theft at a wealth-management firm, some facts aren’t in dispute: Mr Marsh’s lawyer has said that his client downloaded the account information and that he was subsequently fired by Morgan Stanley.

But a mystery remains about whether Mr Marsh posted the information online and, if so, why he would risk his career.

Already, the episode is having ramifications at Morgan Stanley.

On Tuesday, sources said the firm had tightened access to its client database so that individual advisers no longer had access to such wide swaths of account data.

It also hired an outside consulting firm to increase its capacity to take calls from clients concerned about the breach and provide credit and identity-theft protective services.

Mr Marsh’s lawyer, Robert Gottlieb, said the matter was an employment dispute and denied Mr Marsh posted the information online or ever tried to sell it.

Morgan Stanley this week said an employee downloaded information about 10 per cent of its wealth-management clients, totalling about 350,000.

The bank said that on December 27 it discovered data related to about 900 of its client accounts during a routine review of public websites known to traffic in such information. The data, which included account names and numbers, states of residence and asset values, appeared on the internet “briefly”, the firm said yesterday. The bank said that no clients were financially harmed.

It is not that uncommon in the wealth-management industry for advisers to squirrel away information about clients before leaving for another firm, since a stable of wealthy clients is the lifeblood of any successful advisory practice.

But Mr Marsh, who had been promoted from trainee last April, was not facing any disciplinary action, and had no reason to believe his position at Morgan Stanley was in jeopardy before he was confronted about the data he had downloaded, according to a source.

However, Morgan Stanley officials believe the trail to the data posted online leads back to Mr Marsh, according to sources.

The data appeared as a posting on Pastebin on Saturday, December 27. The posting was created anonymously, without a Pastebin user account, an official with the text-sharing service said.

Morgan Stanley officials picked up on the posting early that morning after it triggered an alert by a routine surveillance of a number of websites that traffic in sensitive information, according to sources.

Later that day, Morgan Stanley officials alerted Pastebin that the posting contained client information and requested its removal.

The site complied and by Monday the posting was down, the sources said.

In the coming days, Morgan Stanley would come back to Pastebin with additional removal requests, the site official said.

By Saturday afternoon, many of Morgan Stanley’s top executives, including the chairman and chief executive, James Gorman, were briefed on what the firm’s security and tech teams had uncovered.

The Wall Street Journal

Original URL: https://www.theaustralian.com.au/business/the-wall-street-journal/online-data-release-still-puzzles/news-story/4f008875cf0a2f0e1d2ef180260a994e