Thousands of staff of Morrisons are to be given compensation because of a data breach that happened when a dissatisfied former employee posted their details online.
The High Court discovered that the supermarket was responsible for the leaking of the personal information of the employees, with a second trial scheduled to be held to settle the amount that Morrisons must pay in damages.
However, Morrisons is planning to appeal the said judgment.
A spokesperson for the supermarket stated: “A former employee of Morrisons used his position to steal data about our colleagues and then place it on the internet and he’s been found guilty for his crimes.
“The judge found that Morrisons was not at fault in the way it protected colleagues’ data but he did find that the law holds us responsible for the actions of that former employee, whose criminal actions were targeted at the company and our colleagues. Morrisons worked to get the data taken down quickly, provide protection for those colleagues and reassure them that they would not be financially disadvantaged. In fact, we are not aware that anybody suffered any direct financial loss.
“The judge said he was troubled that the crimes were aimed at Morrisons, an innocent party, and yet the court itself was becoming an accessory in furthering the aim of the crimes, to harm the company. We believe we should not be held responsible so we will be appealing this judgment.”
In 2015, Andrew Skelton, a former Morrisons auditor, was imprisoned for eight years over fraud after leaking information of nearly 100,000 employees due to a “personal grievance” against Morrisons, according to reports from Skelton’s original sentencing.
A partner and a specialist on data privacy law at JMW Solicitors, Nick McAleenan, represented the 5,518 claimants and hailed it as a landmark case.
McAleenan stated: “We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK. Every day, we entrust information about ourselves to businesses and organisations. We expect them to take responsibility when our information is not kept safe and secure.
“The consequences of this data leak were serious. It created significant worry, stress, and inconvenience for my clients. Data breaches are not a trivial or inconsequential matter. They have real victims. At its heart, the law is not about protecting data or information – it is about protecting people.”