Thousands of employees sue Morrisons for data leak

The Brief team
Oct 10, 2017

A disgruntled Morrisons worker posted the payroll data of 100,000 colleagues online

Toby Melville/Reuters

Thousands of supermarket staff should be compensated for the “upset and distress” caused by their personal details being posted on the internet, the High Court has been told.

Lawyers argue that the case, thought to be the first data leak class action in the UK, has potential implications for every person and business in the country. It centres on a security breach in 2014 when Andrew Skelton, a senior internal auditor at the Bradford headquarters of Morrisons, leaked the payroll data of nearly 100,000 employees, including their names, addresses, bank account details and salaries, putting it online and sending it to newspapers.

In July 2015 Skelton was found guilty at Bradford crown court of fraud, securing unauthorised access to computer material and disclosing personal data, and was jailed for eight years. The trial was told that his motive appeared to have been a grudge over a previous incident in which he was accused of dealing in synthetic drugs at work.

Yesterday Jonathan Barnes, counsel for 5,518 former and current Morrisons employees, told Mr Justice Langstaff in the High Court in London that the company had already been awarded £170,000 compensation against Skelton. He added that the trial judge said that Skelton wanted to do Morrisons “some real damage”. “The judge was sure that the employees were victims too, and it is those victims who have received no compensation for their distress or loss of control of the situation,” he said.

Barnes said that it was a “simple complaint” by the employees, who were required to provide the information when they joined Morrisons. “We say that, having entrusted the information to Morrisons, we should now be compensated for the upset and distress caused by what we say was a failure to keep safe that information.”

It is thought to be the largest claim in relation to a data breach in the UK and comes amid heightened concerns about cyber security.

David Webster, a partner at London law firm Russell-Cooke, said the stakes were high. He said the action was significant because it will assess “the exact extent to which employers can be legally responsible for the actions of their employees in any context is an area of law which is evolving to try and keep pace with the realities of modern working practices”.

Customers ditch companies that suffer breaches

Companies risk losing more than half of their customers if they suffer a significant personal data leak, research has revealed.

The research, conducted by international risk consultancy Baringa, covered banking, insurance, energy, television, telecommunications and internet businesses. It found that in the event of a data breach 30 per cent of people would switch provider immediately, while an additional 25 per cent would assess the media response before considering a switch.

The research coincided with the second reading in parliament of the Data Protection Bill. It claimed that “where multiple versions of customer information are saved to different systems, companies are more exposed to the risk of hacks or unauthorised use”.

The Brief team

Articles by The Brief's team of reporters and daily guest columnists