Wm Morrison – First data leak class action in the UK

The class action involves 5,500 current and past workers of Wm Morrison the supermarket group who have brought a lawsuit against the company over a large leak of personal data by a disgruntled employee back in 2014.

The employee released the payroll data (bank, salary, National Insurance numbers and their addresses) of 100,000 employees onto the internet. The case goes to court this week.

The disgruntled employee was Andrew Skelton a former senior auditor with the company who used to post room to undertake his eBay sales. He didn’t appreciate the disciplinary action taken against him. He actually got an 8 year prison sentence for fraud, unauthorised access to computer media and disclosing personal data.

Morrison’s did react quickly to the breach by taking down the private material but the question remains as to whether they took adequate steps to protect the data in the first place. A rogue employee is a standard threat agent in any security plan and so ideally a single employee should not be able to go undetected. As we have argued before prevention is not always possible but detection and a resilient response are essential requirements.

It’s an interesting thought for any Board director, how much are you dependent on the trustworthiness of the IT department? They probably have access to everything you do and that of your employees. I just wanted to create a bit of perspective!

Dr David Everett
Microexpert – An independent security company

© 2018 Microexpert. Registered number 01755695.
line-height: 180%;