Morrisons sued by over 5,500 staff following major insider leak

Morrisons sued by over 5,500 staff following major insider leak

Supreme Court allows Morrisons to appeal data breach verdict

Supermarket chain Morrisons is being sued by 5,518 current and former employees for failing to compensate them after suffering an insider leak in 2014.

Even though Morrisons was awarded £170,000 in compensation, affected staff whose financial details were leaked received nothing in return.

Back in 2014, to settle an old grudge against his employer, Andrew Skelton, an internal auditor at Morrisons’ Bradford office, leaked personal and financial information of nearly 10,000 Morrisons staff on the web. To mitigate the breach, Morrisons spent over £2 million in the next few months.

Details leaked by Skelton included NI numbers, birth dates and bank account details and were also shared by Skelton with several newspapers. Skelton is now serving 8 years after being found guilty of leaking personal details of Morrisons employees, and Morrisons has also been awarded £170,000 in compensation by the court.

However, affected employees whose personal and financial information were made public by Skelton, received no compensation in the years that followed. 5,518 current and former staff are now suing Morrisons for failing to compensate them for the distress they suffered following the leak.

“The judge was sure that the employees were victims too, and it is those victims who have received no compensation for their distress or loss of control of the situation,” said Jonathan Barnes, counsel for the employees, told the BBC.

The employees are now alleging that Morrisons is squarely responsible for breaches of privacy, confidence and data protection laws, as well as for exposing them to identity theft.

“We say that, having entrusted the information to Morrisons, we should now be compensated for the upset and distress caused by what we say was a failure to keep safe that information,” said Mr. Barnes to the judge. Morrisons has said it is not responsible for the insider leak.

‘An insider is the worst possible attack, but is also the hardest thing to uncover. How can you determine one’s motive? Morrisons was none the wiser that this individual was going to leak such critical data. It is extremely difficult to vet everyone who has access to the various networks and sensitive data,’ says Paul Norris, Senior Systems Engineer for EMEA at Tripwire.

‘To avoid situations like this, organisations need to know what data is where. This is the first step in selecting the relevant security measures. From there, they can identify who has access to the data and determine the right level of access for individuals or groups of individuals.

‘The organisations would need to ensure that each individual has only the access necessary to do their job. This security measure will greatly reduce the risk of an insider threat,’ he adds.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]