Morrisons found liable over 2014 data breach
Thousands of Morrisons staff could be awarded compensation over a data breach in 2014.
The High Court found the supermarket chain to be partly responsible for the incident, which involved the personal details of almost 100,000 current and former employees posted on the internet.
The data, which was leaked by former internal auditor Andrew Skelton - who has since been jailed for eight years - consisted of their names, addresses, national insurance numbers, bank account details and salaries.
Nick McAleenan, a partner and data privacy law specialist at JMW Solicitors, who represents the 5,518 claimants, hailed it as a landmark case.
"We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK," he said.
He added: "The consequences of this data leak were serious. It created significant worry, stress and inconvenience for my clients.
"Data breaches are not a trivial or inconsequential matter. They have real victims. At its heart, the law is not about protecting data or information – it is about protecting people."
A second trial is set to be held to determine the amount that Morrisons must pay in damages. However, the supermarket group said it plans to appeal the judgement.
A company spokesperson said: "The judge found that Morrisons was not at fault in the way it protected colleagues' data but he did find that the law holds us responsible for the actions of that former employee, whose criminal actions were targeted at the company and our colleagues.
"Morrisons worked to get the data taken down quickly, provide protection for those colleagues and reassure them that they would not be financially disadvantaged.
"In fact, we are not aware that anybody suffered any direct financial loss."