UK supermarket chain Morrisons has confirmed that it is looking into a data breach that saw “thousands” of staff payroll details posted to a website, revealing details of pay grades and bank account information.
Regarding the data theft, Morrisons today said:
On Thursday 13th March Morrisons was made aware that data from its staff payroll system had been stolen, published on the internet and sent on a disc to a newspaper. This data theft included bank account details. Morrisons immediately ensured it was taken off the website. Initial investigations suggest that this theft was not the result of an external penetration of our systems. We can confirm there has been no loss of customer data and no colleague will be left financially disadvantaged.
A company spokesperson reiterated to TNW that this was not an external penetration of its systems and was instead looking like “theft”.
The newspaper that Morrisons’ statement refers to is the Bradford Telegraph and Argus, which reports that up to 100,000 employee details could be implicated. A spokesperson for Morrisons verified that this figure is close to accurate and that it certainly affects “thousands” of employee details.
The company said it is now “working with the cyber crime authorities and the police to identify the source of the theft” and has informed colleagues of the situation. It’s also bringing in “experts” to help affected employees ensure they are not financially disadvantaged by the disclosure. Naturally, it also said it’s “urgently reviewing our internal data security measures”.
Featured Image Credit – Laurence Griffiths/Getty Images