Data Breach – Morrisons Employees Sue For Personal Data Leak

By Sam Thomas | 11th October 2017 | 14 min read

This week a landmark High Court case began as over 5,500 current and former employees of WM Morrison seek compensation over a companywide personal data breach.

The case thought to be the UK's largest in relation to the breach of personal data comes amid increased concerns regarding cybersecurity. The High Court has been told that staff should be compensated for the “upset and distress” caused by their personal details being shared online.

The case centres on a data breach stretching back to 2014 when ex-employee, Senior Internal Auditor, Andrew Skelton, leaked employee personal data. The leak led to nearly 100,00 employee’s personal data such as salaries, national insurance numbers and bank details being shared online. Subsequently, in 2015, Skelton was found guilty and jailed for eight years for fraud, securing unauthorised access to computer material and disclosing personal data.

The case brought against Morrisons however, will decide if the business is liable for the data breach and if found guilty a second trial will begin to determine the compensation received for over 5,500 staff members affected.

What a data breach means for your business

According to the Times, research conducted by an International Risk Consultancy firm, Baringa, which covered banking, insurance, energy, telecommunications and internet businesses finds that companies risk losing more than half of their customers if they suffer a personal data leak. Further findings report that in the event of a data breach 30 percent of people would switch provider immediately, while an additional 25 percent would assess the media response before considering a switch.

What’s my next step?

As the new General Data Protection Regulation comes into full force on 25th May 2018, it’s important to quickly understand what’s required of you as soon as possible and to ensure your business data protection processes are up to speed amongst increasing cyber and data security fears and increasingly tight data protection legislation.

How IRIS can help

There are currently two ways we can help your business and its data protection processes.

1. Download the 9 Steps to prepare for GDPR Checklist now!

We have developed a handy checklist of the nine keys steps your business should take to prepare for the introduction of the GDPR.

To give your business the best chance of complying by the 25th May 2018 implementation date why not print off the 9 steps to prepare for the GDPR checklist and tick off each step as you go!

Download now

2. Join a training course

‘An Introduction to General Data Protection Regulation’ is a brand new training course aimed to highlight the key issues that might affect you as a business and to help you understand the next steps for your business. The course, which is delivered online, will give you an understanding of exactly how you will be affected by the GDPR upon its introduction, as well as what you should be doing to prepare.