Morrisons granted permission to take appeal over staff data breach pay-out to Supreme Court

More than 5,000 Morrisons staff are seeking compensation over the March 2014 data breach, caused by a disgruntled auditor

Supermarket chain Morrisons has been granted leave to take its appeal over a staff data leak payout to the Supreme Court.

The UK's fourth-largest supermarket group has lost successive cases following the March 2014 data breach, which saw an employee with a grudge leak the names, addresses, bank account details, national insurance numbers and salaries of more than 100,000 employees online.

Successive hearings have held Morrisons to be vicariously liable for the actions of senior internal auditor Andrew Skelton

A total of 5,518 current and former members of staff at Morrisons are suing the company for compensation in a class-action lawsuit, the first of its kind in the UK over a data breach.

Successive hearings have held Morrisons to be vicariously liable for the actions of senior internal auditor Andrew Skelton, who was sentenced to eight years in jail for the data breach in July 2017 and, hence, liable to pay compensation to people affected. Morrisons faces a claim running into tens of millions of pounds if it loses its final appeal.

Morrisons has argued that it was not responsible for the data breach and should, therefore, not be held liable for it, either directly or vicariously.

The courts, though, have so far disagreed. Even before Skelton was arrested, Morrisons had been criticised by computer security experts for lacking sufficient controls over access to such sensitive data.

It cannot be right that there should be no legal recourse where employee information is handed in good faith to one of the largest companies in the UK and then leaked

Nick McAleenan, a partner at law firm JMW Solicitors, which is representing the claimants in the class-action lawsuit, said that he expected the Supreme Court to affirm the rulings from lower courts.

"While the decision to grant permission for a further appeal is of course disappointing for the claimants, we have every confidence that the right verdict will, once again, be reached - it cannot be right that there should be no legal recourse where employee information is handed in good faith to one of the largest companies in the UK and then leaked on such a large scale."

He continued: "This was a very serious data breach which affected more than 100,000 Morrisons' employees - they were obliged to hand over sensitive personal and financial information and had every right to expect it to remain confidential. Instead, they were caused upset and distress by the copying and uploading of the information."

Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions - decisions informed by the knowledge and experience of other CIOs and IT decision makers.

Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.

Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.