Morrisons found liable for staff data breach

Thousands of employees are now eligible for compensation

At the hearing of the UK's first data leak class action, the supermarket chain, Morrisons, has been found liable for the information breach caused by former employee, Andrew Skelton, back in 2014.

More than 5,000 employees brought a claim against the company after Skelton, a former auditor for Morrisons, stole their sensitive data, such as names, addresses, salary and bank details, posted the information online, and sent it to newspapers over a "personal grievance" against the company.

Advertisement - Article continues below

While Morrisons had been awarded 170,000 compensation against Skelton, the employees believed the supermarket failed to sufficiently protect their data and they deserved compensation as well.

Although Morrisons had denied liability to the claim, the judge, Mr Justice Langstaff, ruled that Morrisons was in fact liable and added that primary liability had not been established, meaning that all affected employees can claim compensation for the "upset and distress" caused.

"The High Court has ruled that Morrisons was legally responsible for the data leak. We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK," Nick McAleenan of JMW Solicitors said of the ruling, as reported by the BBC.

10/10/2017: More than 5,000 employees of Morrisons supermarket chain are suing their employer for damages following the leaking of their personal data online.

Advertisement
Advertisement - Article continues below

The High Court case accuses the company of failing to adequately protect the data, which was leaked by a former employee, trying to make the company responsible for the leak.

Advertisement - Article continues below

Andrew Skelton, of Water Street in Liverpool, who worked as an auditor for Morrisons, was jailed for eight years in 2015 for fraud after leaking almost 100,000 staff's personal details over a "personal grievance" against the company.

Jonathan Barnes, counsel for 5,518 former and current Morrisons employees, told the court that Morrisons had already been awarded 170,000 compensation against Skelton, according to the BBC.

Barnes added that staff "were victims too" but that they had received no compensation, calling theirs a "simple complaint" by employees who were required to provide personal data when they joined the supermarket.

"We say that, having entrusted the information to Morrisons, we should now be compensated for the upset and distress caused by what we say was a failure to keep safe that information," Barnes told the judge, the BBC reported.

The High Court will decide on whether Morrison is liable for damages. The supermarket denies liability and the case continues.

Advertisement - Article continues below

David Emm, principal security researcher at Kaspersky Lab, said that the insider threat represents one of the greatest challenges to businesses trying to stave off a constant barrage of cyber attacks.

"Employees rank at the very top of the list of threats to data and systems. Their motivations are often hard to predict and anticipate, ranging from a desire for financial gain to disaffection, coercion and simple carelessness. When insider-assisted attacks do occur, the impact of such attacks can be devastating as they provide a direct route to the most valuable information in this case, [personnel] data," he said.

Picture: Bigstock

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020
Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020

Most Popular

Visit/infrastructure/server-storage/355785/dell-emc-poweredge-r7525-review-an-epyc-core-density-to-make
Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Visit/infrastructure/network-internet/355792/intel-releases-wi-fi-and-bluetooth-driver-updates-for
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020
Visit/operating-systems/microsoft-windows/355781/microsoft-confirms-further-issues-with-troublesome
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020