Twinings staff access confidential employee bank data

Twinings has confirmed that a “small number” of staff at its factory in North Shields have accessed confidential payroll details relating to 263 staff without authorisation.

Jayne Shotton, political officer at the Union of Shop, Distributive and Allied Workers’ (USDAW’s) northeastern division, told FoodManufacture.co.uk that the information accessed comprised bank account names, account numbers and sort codes.

She said that Twinings first became aware of the breach when those responsible alerted senior management on August 6, and added: “The information is held on a separate IT system, but was accessed by employees via a computer on the shop floor.

Shotton said that USDAW and Twinings’ staff were disappointed that the firm “didn’t have proper measures in place” to prevent the two instances of illegal access, which occurred on December 31, 2009 and March 22, 2010.

 Justifiably angry

 The union is also upset that Twinings did not inform it immediately upon discovering the breach, Shotton said:“Twinings probably knew for about a week or so before it informed USDAW, and even then we had to make our own enquiries.

“We received a statement from Twinings that was distributed to employees last Friday, stating that the breach represented ‘little or no risk’.

 “To be honest the information is all you would see on a cheque – but the key point is that this private data should only be accessed by human resources or payroll staff.

 “Our members are justifiably angry about this, especially given recent problems at the North Shields site.

Continuing investigation

FoodManufacture.co.uk understands that senior management at Twinings are livid at the breach. A company spokesman said: “We notified our colleagues that we had identified an incident involving the unauthorised access of one of our isolated IT servers by a small number of employees.

“We are treating this issue with the utmost priority. We immediately took the necessary steps to secure the server to prevent any further unauthorised access, and we are continuing our investigation of the situation.

“It’s important to stress that we have consulted with the Financial Services Authority, the Information Commissioner’s Office and our group security advisers.

“All have confirmed to us that, given the nature of the information accessed, the disclosure of the information poses no greater risk to any individual than would normally be presented in everyday life.”

The latest incident follows recent news that the EU Commission is seeking “formal guarantees” from the Polish authorities that Twinings is not using an EU funding award to invest in a factory that will see UK production relocated abroad.

Twinings is consolidating its UK operations in Andover, Hampshire, with 129 jobs set to go at this site next spring, while the North Shields site faces closure in September 2011 with the loss of 263 jobs. The cuts follow a decision to transfer operations to a new factory in Poland and expand a Chinese site.