Morrisons launches data strategy after employee arrest

19-Mar-2014 - Last updated on 19-Mar-2014 at 10:46 GMT

Morrisons has been forced to launch a data protection strategy after one of its employees allegedly leaked personal information

Morrisons has launched a three-step plan to safeguard its data, following the arrest of an employee for theft of personal information from its staff payroll system.

Information – including names , addresses, bank details and salaries of more than 100,000 employees – was stolen, published on the internet and sent on a disc to The Mirror newspaper, last week.

The information was immediately taken off the website, preventing loss of customer data, Morrisons claimed.

The Mirror did not open the disc and instead returned it to Morrisons to give to police, who then launched their investigations.

Since then, the retailer has purchased support from fraud prevention and credit risk firm Experian to help it detect misuse of its staff data and protect against identity fraud.

Protect account security

Morrisons has also informed UK banks about the data theft to ensure the appropriate measures are in place to protect account security.

Finally, it has advised its workforce on the measures it is taking to protect their security, including setting up a helpline for concerned staff.

Morrisons will continue its work with West Yorkshire Police, after the arrest yesterday (March 17).

The man was arrested on suspicion of making or supplying an article for use in fraud.

Detective chief inspector Gary Hooks, of Protective Services (Crime), said: “An employee of Morrisons has been arrested in Leeds this morning (March 17) in connection with an investigation into the theft of data from the company. He is currently in custody.”

The fourth-largest retailer claimed about 11.5M consumers pass through its doors each week and that it currently had a workforce of more than 131,000.

Its workers have since taken to Facebook to vent their anger at the company. Many were furious that they did not find out about the data theft until they read about it in the news on Friday.

Morrisons said letters were sent to all current employees by first class mail on Monday, March 17 and should be received over the next two to three days and certainly by the end of the week.

Violated and at risk

One worker said he felt violated and at risk of identity fraud following a confirmation email that his name was on the list published online.

John David Crockett said: “With this violation in personal security, we are now at risk of having loans / passports / bank accounts / finance / contracts and other services being taken out or registered in our names.”

Meanwhile, last week, City analysts described Morrisons’ outlook statement – accompanying its full year results – as “truly awful”.

Morrisons data protection plan

Purchase of new fraud prevention software from Experian
Ensure the appropriate measures are in place from UK banks to protect account security
Set-up measures to protect staff, including helpline

Not far enough

Posted by Phil Brining, 19 March 2014 - 21:46 GMT

Interesting article but the 3 step action plan is a far cry from a proper data protection plan - and is certainly NOT a data protection strategy! Morrisons haven't looked far enough in my opinion.

Report abuse

Data Protection a new fangled thing?

Posted by Mike, 19 March 2014 - 14:38 GMT

Hopefully the data commissioner is already engaged with Morrisons talking about the responsibilities they have whilst holding data. The fall out from this will take many months if not longer to shake down. Stark warning about them holding customers data is to be had from this story, and this seems to be the main focus they like to repeat. If they can loose data of over a 1,000 employees with what appears to be little to no security can they be trusted with your information?