Morrisons faces a compensation claim from thousands of employees after a judge ruled it liable for a data breach.
The High Court ruling opens the door for more than 5,000 employees that brought the liability claim against Morrisons to seek compensation, however, Morrisons said it plans to appeal the judgement.
The claim follows the theft and publication of personal details, including salary and bank account information, by disgruntled former employee Andrew Skelton, who was later jailed for his offences.
Justice Langstaff ruled that although Morrisons was not at fault in the way it protected the staff data, it was responsible for Skelton’s actions as he was its employee.
However, the judge said he was worried that his ruling of “vicarious no fault liability” could further Skelton’s aim of damaging Morrisons so said the supermarket could appeal his ruling so that a higher court could consider it.
Nick McAleenan, a partner at JMW Solicitors, who represented the claimants said this case – the first data leak class action in the UK – was a “landmark decision”.
“Every day, we entrust information about ourselves to businesses and organisations. We expect them to take responsibility when our information is not kept safe and secure.
“In the Morrisons case, almost 100,000 bank account details, national insurance numbers and other data was entrusted to a fellow employee to look after. Instead, however, he uploaded the information to the internet.
“This private information belonged to my clients. They are Morrisons’ checkout staff, shelf-stackers, factory workers – ordinary people doing their jobs. The consequences of this data leak were serious. It created significant worry, stress and inconvenience for my clients.
“Data breaches are not a trivial or inconsequential matter. They have real victims. At its heart, the law is not about protecting data or information – it is about protecting people.”
A Morrisons spokeswoman said: ”We believe we should not be held responsible so we will be appealing this judgement.”