Former employee exploits the personal data of thousands of employees, but Morrisons ruled responsible.
Thousands of Morrisons staff are expected to receive a compensation pay-out after a former employee stole and leaked data on the web.
Morrisons supermarket has now been added to the long list of companies falling victim to a data breach as an unhappy former employee, Andrew Skelton, exposed thousands of workers’ personal details online and sent it to newspapers.
Personal details including names, addresses bank account details and personal salaries of 5,518 former and current employees were exposed in 2014 when Skelton leaked the payroll data.
Skelton had access to over 100,000 bank account details and disclosed the information to the world via the internet.
In a High Court ruling, Morrisons was found ‘vicariously liable’ for the leaking of personal information with a second trial expected to be held to set the amount the supermarket must pay in damages.
Following the breach, lawyers of employees called for a pay-out after workers faced the risk of having their identities stolen and potential financial losses.
After the High Court ruling, Nick McAleenan of JMW Solicitors, acting for the claimants, said: “The High Court has ruled that Morrisons was legally responsible for the data leak.We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK.”
The motive behind Skelton’s actions is suspected to be after an altercation between him and the supermarket over an incident where he was accused of selling ‘legal highs’ at work.
After the incident Skelton was found guilty of fraud, securing unauthorised access to computer material and disclosing personal data and was sentenced to eight years in prison in 2015.
Morrisons have been granted leave to appeal the Judge’s decision and in that case, a higher court would consider taking on the case.