BreachExchange mailing list archives

Morrisons' staff lawsuit over data breach serves as insider threat reminder


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 3 Nov 2015 19:49:11 -0700

http://www.misco.co.uk/blog/news/03441/morrisons-staff-lawsuit-over-data-breach-serves-as-insider-threat-reminder

Thousands of Morrisons staff are planning to sue the retailer over a data
breach in which a disgruntled former colleague exposed the bank, salary and
National Insurance details of almost 100,000 employees online, reports
Computer Weekly.

The case is a stark reminder to businesses of the potential impact of
insider threats, says the tech news site.

In what is believed to be the UK's biggest ever claim relating to a breach
of data security, more than 2,000 Morrisons staff are planning to pursue a
group claim against the supermarket.

The staff were given leave to pursue the case at a hearing in the High
Court in London last week before Barbara Fontaine, Senior Master of the
Queen's Bench Division.

There will be a four-month period before the case is returned to the
courts, during which time other Morrisons employees affected by the breach
could join the group action.

Nick McAleenan, data privacy lawyer at JMW Solicitors, said: "The case has
important implications for every employee and every employer in the
country. Whenever employers are given personal details of their staff, they
have a duty to look after them."

Morrisons failed to prevent the data leak that exposed tens of thousands of
its employees to the very real risk of identity theft and potential loss,
he argued.

McAleenan added that the claim to be filed by his clients would allege that
Morrisons was ultimately responsible for breaches of privacy, confidence
and data protection law.

In July 2015, former employee Andrew Skelton was jailed for eight years
over the leak, after a trial at Bradford Crown Court.

Then a senior internal auditor at Morrisons' Bradford head office, Skelton
had taken Morrisons' payroll information and leaked the details of 99,998
employees after being disciplined by the retailer for a prior incident.

Security industry experts are warning about the seriousness of insider
threats. The Online Alliance Trust has said that almost a third of data
breaches in 2014 were caused either accidentally or maliciously by
employees.

Meanwhile, a poll by the SANS Institute in April 2015 showed that 40% of
businesses had no systems in place to address this concern and another 32%
said they lacked appropriate policies and procedures to deal with insider
threats.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
