• Legal action comes after former employee Andrew Skelton was jailed for sharing sensitive information
  • Morrisons vows to contest the case
  • Grocer says is it not accepting liability for actions of “a rogue individual”

Thousands of Morrisons staff are suing the grocer following a security breach in which employees’ personal details were posted online.

The supermarket giant is contesting what is believed to be the UK’s biggest ever claim in relation to a breach of security.

Former Morrisons employee Andrew Skelton was jailed for eight years in July after he posted the bank, salary and National Insurance details of 100,000 Morrisons staff online. The retailer today branded Skelton “a rogue individual”.

The jury was told how Skelton, who worked as a senior internal auditor at Morrisons’ head office in Bradford, leaked the details of 99,998 staff in an act of revenge after being accused of sending parcels containing legal highs from the grocer’s post room.

“We are contesting this case. We are not accepting the liability for the actions of a rogue individual”

Morrisons spokesman

More than 2,000 workers who were affected by the data leak are pursuing a group claim against the grocer, following a hearing at London’s High Court. It kick-started a four-month window during which other Morrisons workers can come forward and join the group action.

The grocer previously revealed that investigating and remediating the theft cost it around £2m.

A spokesman for Morrisons said: “We are contesting this case. We are not accepting the liability for the actions of a rogue individual.”

Implications for all employers

Nick McAleenan, a data privacy lawyer at JMW Solicitors, which is representing Morrisons staff, said the claim would allege that the grocer is responsible for breaches of privacy, confidence and data protection law.

McAleenan said the case had important implications for “every employee and every employer” in the UK and added: “Whenever employers are given personal details of their staff, they have a duty to look after them.

“My clients’ position is that Morrisons failed to prevent a data leak”

Nick McAleenan, JMW Solicitors

“That is especially important given that most companies now gather and manage such material digitally and, as a result, it can be accessed and distributed relatively easily if the information is not protected.

“My clients’ position is that Morrisons failed to prevent a data leak which exposed tens of thousands of its employees to the very real risk of identity theft and potential loss.

“In particular, they are worried about the possibility of money being taken from their bank accounts and – in the case of younger clients – negative consequences for their credit rating.”

Topics