Morrisons data leak auditor jailed for eight years

A former Morrisons auditor has been jailed for eight years after leaking the personal data of 100,000 of the company’s employees in a revenge attack on the firm.

Andrew Skelton was found guilty of fraud, securing unauthorised access to computer material and disclosing personal data by a jury at Bradford Crown Court last Friday (July 17).

Skelton was angry about an official warning that stopped him from using the company’s mail room to send out personal packages, the jury was told.

Information – including names, addresses, bank details and salaries of more than 100,000 Morrisons staff – was published by Skelton on the internet and sent on a disc to The Mirror newspaper in March last year.

The data breach cost Morrisons more than £2M to rectify, the court heard.

‘Position of considerable trust’

What Skelton published

  • Names
  • Addresses
  • Bank details
  • National Insurance numbers
  • Salaries

David Holderness, from the Crown Prosecution Service, said: “Andrew Skelton was in a position of considerable trust with access to confidential personal information as senior internal auditor at Morrisons.

“He abused this position by uploading this information – which included employees’ names, addresses and bank account details – onto various websites.

“He then attempted to cover his tracks and implicate a fellow employee by using this colleague’s details to set up a fake email account.”

Skelton’s motives appeared to have been as a result of a personal grievance when he was accused of dealing legal highs from work, Holderness added.

His actions could have resulted in employees’ identities being stolen and Morrisons has since had to pay professional fees and legal fees, he said.

A Morrisons spokeswoman said: “Andrew Skelton abused a position of trust to steal data about our colleagues and then place it on the internet.

‘Bringing Skelton to justice’

“We are grateful for the efforts of the West Yorkshire Police in bringing Mr Skelton to justice.

“The guilty verdict and the eight year prison sentence he received helps to bring closure for us and our employees following this incident.”

Following the leak, Morrisons employees were offered identity theft protection at a significant cost to the retailer, the spokeswoman added.

Meanwhile, Morrisons was recently challenged by the Groceries Code Adjudicator to explain why it was demanding impromptu payments from its suppliers after an email was leaked to the press.

The email to suppliers read: “With half year approaching the business is reviewing the performance of each of its suppliers … [Within Morrisons stores] there has been yet more price investment on key essential lines and we have 6,700 more colleagues in stores supporting service.

“All of this work has come at a significant cost to the business. We need your support to continue and build on this performance but not to the detriment of Morrisons’ profitability. To this end Morrisons’ expectations of [supplier name] is to support Morrisons with a lump sum payment of [£XXX] payable by 17 July 2015.”

Morrisons details fraud case

“Andrew Skelton abused a position of trust to steal data about our colleagues and then place it on the internet.

“We are grateful for the efforts of the West Yorkshire Police in bringing Mr Skelton to justice. The guilty verdict and the eight year prison sentence he received helps to bring closure for us and our employees following this incident.

“All our colleagues were offered identity theft protection as a result of this crime at a significant cost to the company.”