Morrisons was today facing being sued by thousands of its own staff in what is believed to be Britain’s biggest ever data security breach claim.
It follows the internet posting of the bank, salary and National Insurance details of almost 100,000 members of staff by a former colleague with a grudge.
Andrew Skelton was jailed for eight years in July following a trial at Bradford Crown Court which heard that he sent the information to newspapers and placed it on data sharing websites.
Skelton, who worked as a senior internal auditor at Morrisons’ Bradford head office, had previously been suspected of dealing controlled drugs at work.
More than 2,000 of his former colleagues are now to pursue a group claim against the supermarket giant following a hearing today at the Queen’s Bench Division of the High Court in London.
Other Morrisons’ employees who were affected have a four-month window in which to join the action.
Data Privacy lawyer Nick McAleenan from JMW Solicitors said the case had “important implications for every employee and every employer” in the country.
He said: “Whenever employers are given personal details of their staff, they have a duty to look after them.
“That is especially important given that most companies now gather and manage such material digitally and, as a result, it can be accessed and distributed relatively easily if the information is not protected.”
At today’s hearing lawyers for the staff argued that Morrisons failed to prevent a data leak which exposed them to “the very real risk of identity theft and potential loss”.
The employees were said to be worried about the possibility of money being taken from their bank accounts and possible negative impact on their credit rating.
Skelton’s trial was told that he took Morrisons’ payroll information and then leaked the details of 99,998 employees after being disciplined for a previous incident in which he was accused of using the company’s mailroom to ship parcels to his private eBay customers.
Mr McAleenan said the claim to be filed by his clients would allege that Morrisons was ultimately responsible for breaches of privacy, confidence and data protection law.
He added: “I expect that we may well see other employees who might have been dissuaded from making a claim on their own deciding to join with their colleagues because of the group momentum which has now been established.