Supreme Court allows Morrisons to appeal data breach verdict

Supreme Court allows Morrisons to appeal data breach verdict

Supreme Court allows Morrisons to appeal data breach verdict

The Supreme Court of the United Kingdom has allowed supermarket chain Morrisons to file an appeal against the Court of Appeal verdict that found Morrisons responsible for a 2014 data breach which affected more than 100,000 employees.

The Supreme Court's decision to allow Morrisons to appeal comes as a major boost for the supermarket chain as the Court of Appeal had, in October last year, refused to grant permission for the same.

In December 2017, the High Court in Leeds found Morrisons vicariously liable for the 2014 data breach that involved Andrew Skelton, an internal auditor at Morrisons' Bradford office, leaking personal and financial information of nearly 10,000 internal staff on the web.

The High Court was approached by 5,518 current and former staff at Morrisons who demanded compensation from the supermarket chain for the distress they suffered following the data breach. The breach had compromised names, NI numbers, birth dates and bank account details of nearly 10,000 current and former Morrisons staff.

Skelton was sentenced to 8 years after being found guilty of leaking personal details of Morrisons employees, and Morrisons was also awarded £170,000 in compensation by the court.

"We say that, having entrusted the information to Morrisons, we should now be compensated for the upset and distress caused by what we say was a failure to keep safe that information," said Jonathan Barnes, counsel for the employees.

Major boost for Morrisons

Following the High Court's ruling, Morrisons said it will appeal the ruling it had incurred significant expenses to minimise the damage caused by the breach. The supermarket chain will now be able to present its side of the story to Supreme Court judges and hope for a favourable verdict.

If the Supreme Court rules in favour of the supermarket chain, then its decision will serve as a precedent in cases where organisations are held vicariously liable for the acts committed by malicious insiders.

Commenting on the Supreme Court's decision to allow Morrisons to appeal against the decision of the Court of Appeal, Nick McAleenan of JMW Solicitors who represents the affected employees, said that he remains hopeful that his clients' right to a legal recourse will be respected.

"While the decision to grant permission for a further appeal is of course disappointing for the Claimants, we have every confidence that the right verdict will, once again, be reached - it cannot be right that there should be no legal recourse where employee information is handed in good faith to one of the largest companies in the UK and then leaked on such a large scale.

"This was a very serious data breach which affected more than 100,000 Morrisons’ employees - they were obliged to hand over sensitive personal and financial information and had every right to expect it to remain confidential. Instead, they were caused upset and distress by the copying and uploading of the information," he added.

Copyright Lyonsdown Limited 2020

Top Articles

SITA data breach compromised data associated with multiple international airlines

SIT, has revealed it recently suffered a major cyber attack that compromised information belonging to customers of several airline companies.

COVID-19-forced work shifts prompting shifts in IT priorities

IT and security teams are changing their priorities to adjust with remote work to ensure productivity amidst COVID-19 related lockdowns.

Tips for building a cyber-security war room

Cyber security war rooms are essential but you need the right team of decision makers to be involved & you need to practice a variety of scenarios

Related Articles