BreachExchange mailing list archives
Morrisons' staff lawsuit over data breach serves as insider threat reminder
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 3 Nov 2015 19:49:11 -0700
http://www.misco.co.uk/blog/news/03441/morrisons-staff-lawsuit-over-data-breach-serves-as-insider-threat-reminder Thousands of Morrisons staff are planning to sue the retailer over a data breach in which a disgruntled former colleague exposed the bank, salary and National Insurance details of almost 100,000 employees online, reports Computer Weekly. The case is a stark reminder to businesses of the potential impact of insider threats, says the tech news site. In what is believed to be the UK's biggest ever claim relating to a breach of data security, more than 2,000 Morrisons staff are planning to pursue a group claim against the supermarket. The staff were given leave to pursue the case at a hearing in the High Court in London last week before Barbara Fontaine, Senior Master of the Queen's Bench Division. There will be a four-month period before the case is returned to the courts, during which time other Morrisons employees affected by the breach could join the group action. Nick McAleenan, data privacy lawyer at JMW Solicitors, said: "The case has important implications for every employee and every employer in the country. Whenever employers are given personal details of their staff, they have a duty to look after them." Morrisons failed to prevent the data leak that exposed tens of thousands of its employees to the very real risk of identity theft and potential loss, he argued. McAleenan added that the claim to be filed by his clients would allege that Morrisons was ultimately responsible for breaches of privacy, confidence and data protection law. In July 2015, former employee Andrew Skelton was jailed for eight years over the leak, after a trial at Bradford Crown Court. Then a senior internal auditor at Morrisons' Bradford head office, Skelton had taken Morrisons' payroll information and leaked the details of 99,998 employees after being disciplined by the retailer for a prior incident. Security industry experts are warning about the seriousness of insider threats. The Online Alliance Trust has said that almost a third of data breaches in 2014 were caused either accidentally or maliciously by employees. Meanwhile, a poll by the Sans Institute in April 2015 showed that 40% of businesses had no systems in place to address this concern and another 32% said they lacked appropriate policies and procedures to deal with insider threats.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Morrisons' staff lawsuit over data breach serves as insider threat reminder Audrey McNeil (Nov 04)