Morrisons found liable for staff data breach

Thousands of employees are now eligible for compensation

At the hearing of the UK's first data leak class action, the supermarket chain, Morrisons, has been found liable for the information breach caused by former employee, Andrew Skelton, back in 2014.

More than 5,000 employees brought a claim against the company after Skelton, a former auditor for Morrisons, stole their sensitive data, such as names, addresses, salary and bank details, posted the information online, and sent it to newspapers over a "personal grievance" against the company.

Advertisement - Article continues below

While Morrisons had been awarded 170,000 compensation against Skelton, the employees believed the supermarket failed to sufficiently protect their data and they deserved compensation as well.

Although Morrisons had denied liability to the claim, the judge, Mr Justice Langstaff, ruled that Morrisons was in fact liable and added that primary liability had not been established, meaning that all affected employees can claim compensation for the "upset and distress" caused.

"The High Court has ruled that Morrisons was legally responsible for the data leak. We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK," Nick McAleenan of JMW Solicitors said of the ruling, as reported by the BBC.

10/10/2017: More than 5,000 employees of Morrisons supermarket chain are suing their employer for damages following the leaking of their personal data online.

Advertisement
Advertisement - Article continues below

The High Court case accuses the company of failing to adequately protect the data, which was leaked by a former employee, trying to make the company responsible for the leak.

Advertisement - Article continues below

Andrew Skelton, of Water Street in Liverpool, who worked as an auditor for Morrisons, was jailed for eight years in 2015 for fraud after leaking almost 100,000 staff's personal details over a "personal grievance" against the company.

Jonathan Barnes, counsel for 5,518 former and current Morrisons employees, told the court that Morrisons had already been awarded 170,000 compensation against Skelton, according to the BBC.

Barnes added that staff "were victims too" but that they had received no compensation, calling theirs a "simple complaint" by employees who were required to provide personal data when they joined the supermarket.

"We say that, having entrusted the information to Morrisons, we should now be compensated for the upset and distress caused by what we say was a failure to keep safe that information," Barnes told the judge, the BBC reported.

The High Court will decide on whether Morrison is liable for damages. The supermarket denies liability and the case continues.

Advertisement - Article continues below

David Emm, principal security researcher at Kaspersky Lab, said that the insider threat represents one of the greatest challenges to businesses trying to stave off a constant barrage of cyber attacks.

"Employees rank at the very top of the list of threats to data and systems. Their motivations are often hard to predict and anticipate, ranging from a desire for financial gain to disaffection, coercion and simple carelessness. When insider-assisted attacks do occur, the impact of such attacks can be devastating as they provide a direct route to the most valuable information in this case, [personnel] data," he said.

Picture: Bigstock

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/security/phishing/355120/hackers-pose-as-three-to-exploit-high-data-demand
phishing

Hackers target Three customers with "sophisticated" phishing scam

26 Mar 2020