Morrisons ‘Ultimately Responsible’ For Rogue Employee Leaking Payroll Data

Morrisons could be forced to pay compensation to workers whose data was stolen and leaked online by a former employee in 2014.

Internal auditor Andrew Skelton was jailed for eight years in 2015 for obtaining the names, addresses, bank account details and salaries of 5,518 employees and posting them online.

Skelton also sent the data to a number of newspapers who then alerted the supermarket.

Morrisons data breach

However a class action lawsuit on behalf of those affected claimed Morrisons was ultimately responsible because employees were at risk of identity theft and financial loss because of breaches of privacy and data protection law.

A High Court in Leeds has agreed, paving the way for a potential compensation claim.

“We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK,” said JMW Solicitors, who are representing the workers.

“Every day, we entrust information about ourselves to businesses and organisations. We expect them to take responsibility when our information is not kept safe and secure. The consequences of this data leak were serious. It created significant worry, stress and inconvenience for my clients.

“Data breaches are not a trivial or inconsequential matter. They have real victims. At its heart, the law is not about protecting data or information – it is about protecting people.”

Does IoT security concern you?

  • Yes (89%)
  • No (11%)

Loading ...

Morrisons is not aware of any employees losing any money as a result of the breach and offered anti-fraud services in the aftermath. It is expected to appeal the decision.

“The judge found that Morrisons was not at fault in the way it protected colleagues’ data but he did find that the law holds us responsible for the actions of that former employee, whose criminal actions were targeted at the company and our colleagues,” a spokesperson told Silicon.

“Morrisons worked to get the data taken down quickly, provide protection for those colleagues and reassure them that they would not be financially disadvantaged.

“The judge said he was troubled that the crimes were aimed at Morrisons, an innocent party, and yet the court itself was becoming an accessory in furthering the aim of the crimes, to harm the company. We believe we should not be held responsible so we will be appealing this judgement.”

Do you know all about security in 2017? Try our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago