Follow us on Twitter
Follow us on FacebookMorrisons not responsible for 2014 data breach
@ 2020/04/05Supreme Court ruling
The UK's Supreme Court ruled that British supermarket group Morrisons cannot be held liable for a 2014 data breach in which a former employee posted personal details of over 100,000 staff members on internet.
Morrissons faced compensation claims from thousands of former and current employees over the security incident.
In 2017, London's High Court had held Morrisons responsible for the publication of the employees' data by Andrew Skelton, former IT auditor at the company, who was later convicted for his wrongdoings and sentenced to an eight year jail term.
In November 2013, Morrisons was told to send payroll data of the company's entire workforce to external auditors, in the same way as he had previously done in 2012. He did this and saved a personal copy which he uploaded on a website and also sent it anonymously to three UK newspapers.
After the company learned about the data breach, it immediately took steps to remove employees' information from the internet and called in the coppers.
A large number of affected employees of the company later filed a lawsuit against the supermarket group, accusing it of breaching its statutory duty under the Data Protection Act, misusing private details of employees, and also breaching the confidence of workers.
The UK's Supreme Court ruled that British supermarket group Morrisons cannot be held liable for a 2014 data breach in which a former employee posted personal details of over 100,000 staff members on internet.
Morrissons faced compensation claims from thousands of former and current employees over the security incident.
In 2017, London's High Court had held Morrisons responsible for the publication of the employees' data by Andrew Skelton, former IT auditor at the company, who was later convicted for his wrongdoings and sentenced to an eight year jail term.
In November 2013, Morrisons was told to send payroll data of the company's entire workforce to external auditors, in the same way as he had previously done in 2012. He did this and saved a personal copy which he uploaded on a website and also sent it anonymously to three UK newspapers.
After the company learned about the data breach, it immediately took steps to remove employees' information from the internet and called in the coppers.
A large number of affected employees of the company later filed a lawsuit against the supermarket group, accusing it of breaching its statutory duty under the Data Protection Act, misusing private details of employees, and also breaching the confidence of workers.
