Data from Morrisons’ staff payroll system has been stolen, published on the internet and sent on a disk to a newspaper.
The data theft included bank account details. It is thought 100,000 staff may be affected.
Morrisons said it had immediately ensured the data was taken off the website.
The retailer said: “Initial investigations suggest that this theft was not the result of an external penetration of our systems. We can confirm there has been no loss of customer data and no colleague will be left financially disadvantaged.”
Morrisons chief executive Dalton Philips is personally leading the response to the theft and has called in the police and cyber crime advisers.
Morrisons is setting up a helpline for its staff and is working with banks to address account security concerns.