Morrisons staff to sue after disgruntled colleague Andrew Skelton posted bank, salary and National Insurance details online

Catherine Neilan
Follow Catherine
Lawyers claim Morrisons is ultimately responsible (Source: Getty)

Morrisons staff are planning to sue the supermarket after a data leak led to personal details of almost 100,000 employees being posted online by "a former colleague with a grudge".

Bank, salary and National Insurance details were posted by Andrew Skelton, a senior internal auditor at Morrisons' Bradford head office, on data sharing websites after being disciplined for a previous incident in which he was accused of using the company's mailroom to ship parcels to his private eBay customers.

He also sent the information to a number of newspapers.

Read more: Morrisons' inconvenient truth is a lesson for the industry

Skelton was jailed for eight years in July, following a trial at Bradford Crown Court.

More than 2,000 of his ex-colleagues are now to pursue a group claim against the retailer following a hearing before senior master Barbara Fontaine at the Queen’s Bench Division of the High Court in London.

There will be a four-month period in which other Morrisons' employees who were affected could join the group action.

Nick McAleenan, a data privacy lawyer at JMW Solicitors, said: “My clients' position is that Morrisons failed to prevent a data leak which exposed tens of thousands of its employees to the very real risk of identity theft and potential loss.

"In particular, they are worried about the possibility of money being taken from their bank accounts and - in the case of younger clients - negative consequences for their credit rating."

Read more: Morrisons takes a bite out of £3bn sandwich market

The case had important implications for “every employee and every employer” in the country, he added.

“Whenever employers are given personal details of their staff, they have a duty to look after them.

“That is especially important given that most companies now gather and manage such material digitally and, as a result, it can be accessed and distributed relatively easily if the information is not protected."

McAleenan said the claim to be filed by his clients would allege that Morrisons was ultimately responsible for breaches of privacy, confidence and data protection law.

He added: “I expect that we may well see other employees who might have been dissuaded from making a claim on their own deciding to join with their colleagues because of the group momentum which has now been established.”

A Morrisons spokeswoman declined to comment, beyond noting Skelton's eight year sentence.

Related articles