Supreme Court allows Morrisons to appeal data breach verdict

Supreme Court allows Morrisons to appeal data breach verdict

Supreme Court allows Morrisons to appeal data breach verdict

The Supreme Court of the United Kingdom has allowed supermarket chain Morrisons to file an appeal against the Court of Appeal verdict that found Morrisons responsible for a 2014 data breach which affected more than 100,000 employees.

The Supreme Court’s decision to allow Morrisons to appeal comes as a major boost for the supermarket chain as the Court of Appeal had, in October last year, refused to grant permission for the same.

In December 2017, the High Court in Leeds found Morrisons vicariously liable for the 2014 data breach that involved Andrew Skelton, an internal auditor at Morrisons’ Bradford office, leaking personal and financial information of nearly 10,000 internal staff on the web.

The High Court was approached by 5,518 current and former staff at Morrisons who demanded compensation from the supermarket chain for the distress they suffered following the data breach. The breach had compromised names, NI numbers, birth dates and bank account details of nearly 10,000 current and former Morrisons staff.

Skelton was sentenced to 8 years after being found guilty of leaking personal details of Morrisons employees, and Morrisons was also awarded £170,000 in compensation by the court.

“We say that, having entrusted the information to Morrisons, we should now be compensated for the upset and distress caused by what we say was a failure to keep safe that information,” said Jonathan Barnes, counsel for the employees.

Major boost for Morrisons

Following the High Court’s ruling, Morrisons said it will appeal the ruling it had incurred significant expenses to minimise the damage caused by the breach. The supermarket chain will now be able to present its side of the story to Supreme Court judges and hope for a favourable verdict.

If the Supreme Court rules in favour of the supermarket chain, then its decision will serve as a precedent in cases where organisations are held vicariously liable for the acts committed by malicious insiders.

Commenting on the Supreme Court’s decision to allow Morrisons to appeal against the decision of the Court of Appeal, Nick McAleenan of JMW Solicitors who represents the affected employees, said that he remains hopeful that his clients’ right to a legal recourse will be respected.

“While the decision to grant permission for a further appeal is of course disappointing for the Claimants, we have every confidence that the right verdict will, once again, be reached – it cannot be right that there should be no legal recourse where employee information is handed in good faith to one of the largest companies in the UK and then leaked on such a large scale.

“This was a very serious data breach which affected more than 100,000 Morrisons’ employees – they were obliged to hand over sensitive personal and financial information and had every right to expect it to remain confidential. Instead, they were caused upset and distress by the copying and uploading of the information,” he added.

Copyright Lyonsdown Limited 2021

Top Articles

The expert view: Accelerating the journey to the cloud

At a virtual seminar on 9 June 2021, sponsored by managed IT service provider Sungard Availability Services, eight senior IT decision makers gathered to discuss how organisations can accelerate their…

Ransomware attacks and the future role of the CISO - teissTalk

On 18 May, teissTalk host Jenny Radcliffe was joined by a panel of four cybersecurity experts in a wide-ranging discussion that covered government actions, ransomware attacks and the future of…

Communicating a Data Breach: Best Practices

When customers trust you with their personal data, they are expecting it to be protected. This means your response to a data breach is imperative and can make or break…

Related Articles

[s2Member-Login login_redirect=”” /]