Last summer, a newly minted Morgan Stanley financial adviser named Galen Marsh started to sift through the account records of some 350,000 of the firm’s clients. Virtually none of them were his own.

By December, some of that account information appeared on a text-sharing website, with the offer to trade it for an obscure virtual currency. Shortly after Morgan Stanley discovered the posting, it fired the 30-year-old Mr. Marsh and triggered a Federal Bureau of Investigation probe into how the records ended up online.

In what some security experts are saying is likely the biggest data theft at a wealth-management firm, some facts aren’t in dispute: Mr. Marsh’s lawyer has said that his client downloaded the account information and that he was subsequently fired by Morgan Stanley.

But a mystery remains about whether Mr. Marsh posted the information online and, if so, why he would risk his career.

Already, the episode is having ramifications within Morgan Stanley: On Tuesday, people familiar with the matter said the firm has tightened access to its client database so that individual advisers no longer have access to such wide swaths of account data. It also hired an outside consulting firm to increase its capacity to take calls from clients concerned about the breach and provide credit and identity-theft protective services.