Morrisons Worker Accused of Exposing Data on 100,000 Employees

Written by

The perils of the disgruntled insider were highlighted again after it was alleged that an employee at supermarket giant Morrisons posted online sensitive personal information on staff because he held a “grudge” against the firm.

Andrew Skelton, 43, a senior internal auditor at the Morrisons head office in Bradford, is accused of leaking the details of nearly 100,000 supermarket employees – a breach which cost the firm over £2 million to mitigate, according to the BBC.

The data, including NI numbers, birth dates and bank account details, was posted online and sent to several newspapers last year, Bradford Crown Court heard.

Skelton had previously been cautioned for using the company's mail room to conduct eBay deals. After that disciplinary action, he was left harboring a grudge against the supermarket chain, apparently writing in a draft resignation letter found by police: "I have almost as little concern for the company as it does for me."

Skelton denies fraud by abuse of position, unauthorized access to data with the intent of committing an offence, and disclosing personal data, according to the report.

Todd Partridge, director at secure collaboration provider, Intralinks, argued that companies often fail to recognize the insider threat.

“Companies spend millions defending their data against malicious activities from beyond the corporate firewall yet their own employees are routinely breaching IT policies and placing company documents at risk.

“Morrisons is certainly aware of this threat after spending £2 million to clear up the consequences of a data breach after a disgruntled auditor leaked bank and pay details of 100,000 store staff. This news highlights how the consequences of an attack from the inside can be every bit as serious as being hacked from the outside.”

Research from Intralinks conducted by the Ponemon Institute in the US, UK and Germany late last year found that 51% of organizations aren’t convinced they have the ability to manage and control insider access to sensitive documents and how they are shared.

What’s hot on Infosecurity Magazine?