The Court of Appeal for the UK has declared that British supermarket chain Morrisons is legally responsible for the data breach that affected thousands of its staff.
The supermarket chain would be required to pay a heavy compensation to 5,518 claimants, whose personal information was leaked on the internet.
On 12 January 2014, a senior IT auditor in Morrisons’ employment Andrew Skelton leaked payroll data of about 100,000 employees on the web.
The data included salaries, national insurance numbers, dates of birth and bank account details among others.
Following the revelation of this data, 5,518 employees of Morrisons claimed compensation both for breach of statutory duty and misuse of private information, and equitable claim for breach of confidence.
In December last year, the High Court ruled that the supermarket giant was liable for the breach. It is the first data leak class action in the UK.
Upholding the original ruling, the Court of Appeal has refused Morrisons permission to appeal to the Supreme Court.
Morrisons spokesperson said: “A former employee of Morrisons used his position to steal data about our colleagues and then place it on the internet and he’s been found guilty for his crimes.
“Morrisons has not been blamed by the courts for the way it protected colleagues’ data but they have found that we are responsible for the actions of that former employee, even though his criminal actions were targeted at the company and our colleagues.
“Morrisons worked to get the data taken down quickly, provide protection for those colleagues and reassure them that they would not be financially disadvantaged. In fact, we are not aware that anybody suffered any direct financial loss. We believe we should not be held responsible so that’s why we will now appeal to the Supreme Court.”