Morrisons, the United Kingdom’s fourth largest supermarket chain, has suffered a major data breach. The company says that someone has managed to steal the personal and financial information of employees and posted it on a website.
“We are extremely sorry to inform you that there has been a theft of colleagues’ personal information, which was uploaded onto a website. As soon as we became aware of this last night we took immediate steps to ensure the data was removed from the website,” Morrisons wrote in a statement published on Facebook.
The stolen staff payroll information includes names, addresses, and bank account details. Employees from all levels are said to be impacted by the incident. The leaked information was allegedly available on a website only for a few hours before being pulled down.
The Telegraph reports that the information was also sent to a newspaper on a disk, but the newspaper has not been named.
The company calls the incident “an illegal theft of data” and says that it is working with the police and cybercrime authorities to get to the bottom of it.
“Our immediate priority is the security of your financial information. We are currently working with Experian and the major banks to ensure that we provide full support and assistance to all affected colleagues. This will include support and advice around protection of your bank account,” the company noted.
Morrisons says it’s confident that no customer information has been stolen. The supermarket says there’s no evidence that this is an external attack. The company’s Chief Executive, Dalton Philips, is leading the response.
The company promises to provide more details soon. In the meantime, it urges employees who might have any questions to send them an email to data.advice (at) morrisonsplc.co.uk
“We are very sorry that this has happened. We will ensure that no colleague will be left financially disadvantaged as a result of this theft,” Morrisons concluded its statement.
Some employees have already complained on Facebook about not getting the notification emails. Many have been wondering if former employees are also affected. At least one individual says the incident might be related to his bank account being fraudulently accessed recently.
The announcement comes shortly after Morrisons announced its intentions to cut down prices to compete with discount chains after suffering an annual loss of £176 million ($292 million / €210 million).
Another incident that shows insider threats should never be neglected, especially by a large company.