Information – including names , addresses, bank details and salaries of more than 100,000 employees – was stolen, published on the internet and sent on a disc to The Mirror newspaper, last week.
The information was immediately taken off the website, preventing loss of customer data, Morrisons claimed.
The Mirror did not open the disc and instead returned it to Morrisons to give to police, who then launched their investigations.
Since then, the retailer has purchased support from fraud prevention and credit risk firm Experian to help it detect misuse of its staff data and protect against identity fraud.
Protect account security
Morrisons has also informed UK banks about the data theft to ensure the appropriate measures are in place to protect account security.
Finally, it has advised its workforce on the measures it is taking to protect their security, including setting up a helpline for concerned staff.
Morrisons will continue its work with West Yorkshire Police, after the arrest yesterday (March 17).
The man was arrested on suspicion of making or supplying an article for use in fraud.
Detective chief inspector Gary Hooks, of Protective Services (Crime), said: “An employee of Morrisons has been arrested in Leeds this morning (March 17) in connection with an investigation into the theft of data from the company. He is currently in custody.”
The fourth-largest retailer claimed about 11.5M consumers pass through its doors each week and that it currently had a workforce of more than 131,000.
Its workers have since taken to Facebook to vent their anger at the company. Many were furious that they did not find out about the data theft until they read about it in the news on Friday.
Morrisons said letters were sent to all current employees by first class mail on Monday, March 17 and should be received over the next two to three days and certainly by the end of the week.
Violated and at risk
One worker said he felt violated and at risk of identity fraud following a confirmation email that his name was on the list published online.
John David Crockett said: “With this violation in personal security, we are now at risk of having loans / passports / bank accounts / finance / contracts and other services being taken out or registered in our names.”
Meanwhile, last week, City analysts described Morrisons’ outlook statement – accompanying its full year results – as “truly awful”.
Morrisons data protection plan
- Purchase of new fraud prevention software from Experian
- Ensure the appropriate measures are in place from UK banks to protect account security
- Set-up measures to protect staff, including helpline