Files stolen also included client names, addresses, date of birth and corporate company names.
The bank's vendor, Guidehouse, which provides account maintenance services to its StockPlan Connect business, informed it about the breach in May, Morgan Stanley said in a letter dated July 2.
The bank said attackers accessed information by exploiting a vulnerability in the vendor's server, Accellion FTA. While the exposure was patched within five days, the attackers obtained decryption key even though the files were encrypted.
Guidehouse informed the bank it had found no evidence that the stolen data had been distributed online.
A person familiar with the matter said the files have been recovered and the bank is monitoring the dark web for any evidence of posting of client information.
The vendor, meanwhile, has engaged credit firm Experian to offer free credit monitoring services for 24 months for clients that may have been impacted by the breach, the person said.
"The protection of client data is of the utmost importance and is something we take very seriously. We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients," a bank spokesperson said.
The hack, which was reported earlier by technology news portal Bleeping Computer, was discovered in March by Guidehouse and its impact on Morgan Stanley was found in May, the bank said.