Morrisons found liable for staff data breach

Thousands of employees are now eligible for compensation

At the hearing of the UK's first data leak class action, the supermarket chain, Morrisons, has been found liable for the information breach caused by former employee, Andrew Skelton, back in 2014.

More than 5,000 employees brought a claim against the company after Skelton, a former auditor for Morrisons, stole their sensitive data, such as names, addresses, salary and bank details, posted the information online, and sent it to newspapers over a "personal grievance" against the company.

While Morrisons had been awarded 170,000 compensation against Skelton, the employees believed the supermarket failed to sufficiently protect their data and they deserved compensation as well.

Although Morrisons had denied liability to the claim, the judge, Mr Justice Langstaff, ruled that Morrisons was in fact liable and added that primary liability had not been established, meaning that all affected employees can claim compensation for the "upset and distress" caused.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The High Court has ruled that Morrisons was legally responsible for the data leak. We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK," Nick McAleenan of JMW Solicitors said of the ruling, as reported by the BBC.

10/10/2017: More than 5,000 employees of Morrisons supermarket chain are suing their employer for damages following the leaking of their personal data online.

The High Court case accuses the company of failing to adequately protect the data, which was leaked by a former employee, trying to make the company responsible for the leak.

Andrew Skelton, of Water Street in Liverpool, who worked as an auditor for Morrisons, was jailed for eight years in 2015 for fraud after leaking almost 100,000 staff's personal details over a "personal grievance" against the company.

Jonathan Barnes, counsel for 5,518 former and current Morrisons employees, told the court that Morrisons had already been awarded 170,000 compensation against Skelton, according to the BBC.

Barnes added that staff "were victims too" but that they had received no compensation, calling theirs a "simple complaint" by employees who were required to provide personal data when they joined the supermarket.

Advertisement - Article continues below

"We say that, having entrusted the information to Morrisons, we should now be compensated for the upset and distress caused by what we say was a failure to keep safe that information," Barnes told the judge, the BBC reported.

The High Court will decide on whether Morrison is liable for damages. The supermarket denies liability and the case continues.

David Emm, principal security researcher at Kaspersky Lab, said that the insider threat represents one of the greatest challenges to businesses trying to stave off a constant barrage of cyber attacks.

"Employees rank at the very top of the list of threats to data and systems. Their motivations are often hard to predict and anticipate, ranging from a desire for financial gain to disaffection, coercion and simple carelessness. When insider-assisted attacks do occur, the impact of such attacks can be devastating as they provide a direct route to the most valuable information in this case, [personnel] data," he said.

Picture: Bigstock

Featured Resources

Report: The State of Software Security

This annual report explores important trends in software security

Download now

A fast guide to finding your cloud solution

One size doesn't fit all in the cloud, so how do you find the best option for your business?

Download now

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Small & Medium Business Trends Report

Insights from 2,000+ business owners and leaders worldwide

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/operating-systems/microsoft-windows/354739/windows-7-bug-blocks-users-from-shutting-down-their-pcs
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020
Visit/hardware/354723/coronavirus-starts-to-take-its-toll-on-the-tech-industry
Hardware

Coronavirus starts to take its toll on the tech industry

6 Feb 2020