Wm Morrison supermarket suffers payroll data theft

A Morrison's supermarket

Related Stories

Morrisons says the majority of its staff have been affected by the theft of payroll data.

BBC business correspondent Emma Simpson has been told that details of around 100,000 employees have been stolen.

The information, which includes bank account details, has been published online and sent on a disc to a newspaper, according to the firm.

Morrisons said its initial investigation does not point to the work of an outside hacker.

The Bradford-based chain sought to allay shoppers' fears by saying there had been no loss of customer data.

Who is behind Morrisons data breach?

As if things weren't bad enough for Morrisons.

News of this serious breach emerged yesterday afternoon, just hours after the company posted a dire set of financial results.

The timing could be a complete co-incidence, but one possible theory could be that this was an attempt by a disgruntled employee to embarrass the company

A copy of the material was sent to the Bradford based Telegraph and Argus.

Whoever is behind it, this is a serious security breach.

It's understood that the details of some 100,000 staff, the majority of employees, had their details posted online, from employees on the shop floor to staff at board level.

It's the last thing this company needed as it begins a major restructuring to win back customers.

Morrisons says that staff will be not be "financially disadvantaged" by the data theft.

The company's response is being led by Chief Executive, Dalton Philips.

He is working with the police and cyber crime authorities to track down the source.

Police investigation

The criminal inquiry into the theft is being led by West Yorkshire Police.

Detective Chief Inspector Nick Wallen said: "We are aware of the situation and are supporting Morrisons and their investigation into these matters."

The firm is also undertaking an urgent review of its internal data security systems and it has set up a helpline for its staff.

Morrisons has told UK banks about the data loss and is working with them to help colleagues protect their accounts.

A spokesman for the company said the situation "remains fluid" as the investigation, which started last night, is "ongoing".

Facebook message

Morrisons put a message on Facebook this morning informing its employees of the breach and telling them what steps it is taking to limit the damage.

Staff have responded with a mixture of questions about what they should do next, and comments, some of which are angry.

The company found out about the theft on Thursday just after it had reported a £176m loss, and warned that profits in the coming year would be less than £375m, about half the level of last year's.

Shares in the company fell by more than 10% after that warning over profits on Thursday.

'Enemy within'

Guy Bunker, chief technical officer at cyber protection company, Clearswift, said that the security lapse at Morrisons proves that organisations have to be aware of internal security threats.

"It is a real problem. There are more challenges from within than without. People need to look at where they're spending their money and what they're spending on internal security protection

"You can't ignore the enemy within," he said.

The European Parliament has just approved a draft data protection law, which, if it were enacted, would mean that companies could be fined 5% of their global turnover in the event of a serious data breach.

The proposed changes are opposed by some large American and European companies.

More on This Story

Related Stories

More Business stories



Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.