Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.


Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

Morrisons loses data breach appeal

Neil Hodge | October 23, 2018

U.K. supermarket chain Morrisons has lost its appeal to overturn a 2017 judgment that found it “vicariously liable” for a malicious data breach that saw a disgruntled former employee release the personal and financial details of nearly 100,000 staff. The company says it will now take the battle to the Supreme Court.

Morrisons had argued it could not be held liable for the criminal misuse of its data, but three U.K. Court of Appeal judges rejected the company’s appeal and upheld the original December 2017 decision, finding that while Morrisons was not directly liable for the data breach, the company was “vicariously liable” for the rogue employee’s actions as he had control of the data and was acting in the course of his employment.

Some 5,518 former and current employees brought a class-action claim against the company in October 2017 after Andrew Skelton, a senior IT auditor, stole the data—which...

Read this single article for $49, or click the subscribe button below to review subscription options.

Enjoy unlimited access to thousands of articles, browse five years of digital magazines, qualify for reduced admission to events, and more.