The case centres around the action of a disgruntled former employee who sent bank, salary and National Insurance details of almost 100,000 members of staff to newspapers and data sharing websites in 2014.
Staff are pursuing a claim for damages against Morrisons having had their application for a Group Litigation Order (GLO) approved by the High Court in London last November.
Since serving and former staff employed at Morrisons’ supermarkets and its Kiddicare, Farmers Boy and Woodhead subsidiaries lodged their application for the GLO, the number demanding compensation has more than doubled – from just over 2,000 to more than 5,000.
Nick McAleenan, a data privacy lawyer at JMW Solicitors, who is representing the group, said other members of staff wishing to join the legal action needed to act fast.
“The High Court established a cut-off point of April 8 this year for any employee who wants to make a claim, but the process of making them a part of the group action means that they must be formally included well in advance of that date,” said McAleenan.
‘Vigorously contest’ its assertion
McAleenan confirmed that Morrisons had now filed a formal defence to the claim in which it denied any liability for the leak and vowed to “vigorously contest” its assertion that it wasn’t to blame for a data leak.
He said the retailer had not accepted that staff had suffered any distress as a result of having their details leaked.
He added: “During the trial of the individual who leaked the material, Morrisons acknowledged the huge potential implications for staff as a result of what had happened, including identity theft and financial loss.
“This information was leaked by someone employed at the time by Morrisons. We believe it could and should have done more to prevent our clients’ details being circulated in this way.”
Not accepting liability
A Morrisons spokesman said: “We have always made clear that we are not accepting liability for the actions of a rogue individual. We are not aware of anybody suffering any financial loss as a result of this breach.”
Morrisons’ defence is the latest stage in the process which began with the leaking of data relating to 99,998 employees by Andrew Skelton in March 2014.
Skelton, who had worked as a senior internal auditor at Morrisons’ head office, was jailed for eight years in July last year.
His trial heard that he developed a grudge having previously been suspected of dealing controlled drugs at work.
Morrisons’ data leak legal row timeline
- April 8, 2016: cut-off point for employees joining the action
- November 2015: employees’ group action approved by High Court
- October 2015: More than 2,000 Morrisons staff plan to take legal action over data leak
- July 2015: Andrew Skelton jailed for eight years
- November 2014: Andrew Skelton charged with fraud
- March 2014: 99,998 employees data leaked