Latest Blogs

Wm Morrison – First data leak class action in the UK

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive

The class action involves 5,500 current and past workers of Wm Morrison the supermarket group who have brought a lawsuit against the company over a large leak of personal data by a disgruntled employee back in 2014.

The employee released the payroll data (bank, salary, National Insurance numbers and their addresses) of 100,000 employees onto the internet. The case goes to court this week.

The disgruntled employee was Andrew Skelton a former senior auditor with the company who used to post room to undertake his eBay sales. He didn’t appreciate the disciplinary action taken against him. He actually got an 8 year prison sentence for fraud, unauthorised access to computer media and disclosing personal data.

Morrison’s did react quickly to the breach by taking down the private material but the question remains as to whether they took adequate steps to protect the data in the first place. A rogue employee is a standard threat agent in any security plan and so ideally a single employee should not be able to go undetected. As we have argued before prevention is not always possible but detection and a resilient response are essential requirements.

It’s an interesting thought for any Board director, how much are you dependent on the trustworthiness of the IT department? They probably have access to everything you do and that of your employees. I just wanted to create a bit of perspective!

Dr David Everett
Microexpert – An independent security company

Founded in 1983

Microexpert has been at the forefront of cryptographic design and development since 1983, having grown organically over the last 30+ years we have consistently supported the industry in delivering the highest quality, and through continuous training and development shaped our team to deliver the best service to our clients.

©2020 Microexpert. Registered number 01755695.