Morrisons found liable for staff data breach

Thousands of employees are now eligible for compensation

At the hearing of the UK's first data leak class action, the supermarket chain, Morrisons, has been found liable for the information breach caused by former employee, Andrew Skelton, back in 2014.

More than 5,000 employees brought a claim against the company after Skelton, a former auditor for Morrisons, stole their sensitive data, such as names, addresses, salary and bank details, posted the information online, and sent it to newspapers over a "personal grievance" against the company.

While Morrisons had been awarded 170,000 compensation against Skelton, the employees believed the supermarket failed to sufficiently protect their data and they deserved compensation as well.

Although Morrisons had denied liability to the claim, the judge, Mr Justice Langstaff, ruled that Morrisons was in fact liable and added that primary liability had not been established, meaning that all affected employees can claim compensation for the "upset and distress" caused.

"The High Court has ruled that Morrisons was legally responsible for the data leak. We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK," Nick McAleenan of JMW Solicitors said of the ruling, as reported by the BBC.

10/10/2017: More than 5,000 employees of Morrisons supermarket chain are suing their employer for damages following the leaking of their personal data online.

The High Court case accuses the company of failing to adequately protect the data, which was leaked by a former employee, trying to make the company responsible for the leak.

Andrew Skelton, of Water Street in Liverpool, who worked as an auditor for Morrisons, was jailed for eight years in 2015 for fraud after leaking almost 100,000 staff's personal details over a "personal grievance" against the company.

Jonathan Barnes, counsel for 5,518 former and current Morrisons employees, told the court that Morrisons had already been awarded 170,000 compensation against Skelton, according to the BBC.

Barnes added that staff "were victims too" but that they had received no compensation, calling theirs a "simple complaint" by employees who were required to provide personal data when they joined the supermarket.

"We say that, having entrusted the information to Morrisons, we should now be compensated for the upset and distress caused by what we say was a failure to keep safe that information," Barnes told the judge, the BBC reported.

The High Court will decide on whether Morrison is liable for damages. The supermarket denies liability and the case continues.

David Emm, principal security researcher at Kaspersky Lab, said that the insider threat represents one of the greatest challenges to businesses trying to stave off a constant barrage of cyber attacks.

"Employees rank at the very top of the list of threats to data and systems. Their motivations are often hard to predict and anticipate, ranging from a desire for financial gain to disaffection, coercion and simple carelessness. When insider-assisted attacks do occur, the impact of such attacks can be devastating as they provide a direct route to the most valuable information in this case, [personnel] data," he said.

Picture: Bigstock

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Cyber security firm saw attacks rise by 20% during 2020
cyber security

Cyber security firm saw attacks rise by 20% during 2020

23 Feb 2021
What to look for in a secure cloud system
cloud security

What to look for in a secure cloud system

23 Feb 2021
Hackers turn to 'silent stealing' in bid to exploit home workers
scams

Hackers turn to 'silent stealing' in bid to exploit home workers

22 Feb 2021
Kia Motors allegedly suffers a ransomware attack
data breaches

Kia Motors allegedly suffers a ransomware attack

18 Feb 2021

Most Popular

Mysterious Silver Sparrow malware hits 30,000 macOS devices
malware

Mysterious Silver Sparrow malware hits 30,000 macOS devices

22 Feb 2021
IBM reportedly mulls sale of Watson Health business
mergers and acquisitions

IBM reportedly mulls sale of Watson Health business

22 Feb 2021
Microsoft to launch standalone Office 2021 suite
Microsoft Office

Microsoft to launch standalone Office 2021 suite

19 Feb 2021