Thousands of Morrisons staff are suing the grocer following a security breach in which employees’ personal details were posted online.
According to Retail Week, the supermarket giant is contesting what is believed to be the UK’s biggest ever claim in relation to a breach of security.
Former Morrisons employee Andrew Skeltonwas jailed for eight years after after he posted the bank, salary and National Insurance details of 100,000 Morrisons staff online. The retailer today branded Skelton “a rogue individual”.
The jury was told how Skelton, who worked as a senior internal auditor at Morrisons’ head office in Bradford, leaked the details of 99,998 staff in an act of revenge after being accused of sending parcels containing legal highs from the grocer’s post room.
More than 2,000 workers who were affected by the data leak are pursuing a group claim against the grocer, following a hearing at London’s High Court. It kick-started a four-month window during which other Morrisons workers can come forward and join the group action.
The grocer previously revealed that investigating and remediating the theft cost it around £2m.
A spokesman for Morrisons said: “We are contesting this case. We are not accepting the liability for the actions of a rogue individual.”
Nick McAleenan, a data privacy lawyer at JMW Solicitors, which is representing Morrisons staff, said the claim would allege that the grocer is responsible for breaches of privacy, confidence and data protection law.
McAleenan said the case had important implications for “every employee and every employer” in the UK and added: “Whenever employers are given personal details of their staff, they have a duty to look after them.