The group action, believed to be the largest ever claim in relation to a data security breach, comes after staff salary and bank details were posted online last year.
Former Morrisons auditor Andrew Skelton was jailed for eight years in July for leaking the details of 100,000 staff members in a revenge attack on the firm.
Former employee with grudge
Skelton held a grudge over an official warning that stopped him from using the company’s mail room to send out personal eBay packages, Bradford Crown Court heard.
Thousands of affected staff are now set to pursue a group claim against Morrisons following a hearing at the Queen’s Bench Division of the High Court in London.
JMW Solicitors data privacy lawyer Nick McAleenan said other Morrisons’ employees whose details were also leaked could join the group action over the next four months.
“My clients’ position is that Morrisons failed to prevent a data leak which exposed tens of thousands of its employees to the very real risk of identity theft and potential loss,” he said.
“In particular, they are worried about the possibility of money being taken from their bank accounts and – in the case of younger clients – negative consequences for their credit rating.”
Implications for ‘every employee’
McAleenan said the case has important implications for “every employee and every employer” in the country.
“Whenever employers are given personal details of their staff, they have a duty to look after them,” he said.
“That is especially important given that most companies now gather and manage such material digitally and, as a result, it can be accessed and distributed relatively easily if the information is not protected.”
Skelton published staff data – including names, addresses, bank details and salaries – on the internet and sent it on a disc to the Mirror newspaper in March last year.
His motives appeared to have been as a result of a personal grievance when he was accused of dealing legal highs from work, according to the Crown Prosecution Service.