A major police investigation was under way last night into a major security breach of the payroll system at Bradford supermarket giant Morrisons.
The company has also started an urgent review of its internal data security after being informed by the Telegraph & Argus that it had been the victim of the theft of confidential data.
Details of about 100,000 staff, from senior director level downwards, appeared on a website and a disc containing a copy of the details was sent anonymously to the T&A by someone signing themselves “a concerned Morrisons shopper”.
Morrisons chairman Sir Ian Gibson thanked the T&A for alerting the Bradford-based supermarket to the breach and for its responsible handling of the matter. The company has removed the data from the website and set about reassuring staff.
The police have also been called in to carry out a criminal investigation into what Morrisons described as a “serious theft of data”.
The data showed National Insurance numbers, addresses and bank account details of staff at all levels ranging from directors on six-figure wages to staff on a few thousands pounds a year.
Morrisons said its chief executive Dalton Philips was leading the response to the theft. In a statement the company said: “This data theft included bank account details. Morrisons immediately ensured it was taken off the website.
“Initial investigations suggest that this theft was not the result of an external penetration of our systems. We can confirm there has been no loss of customer data and no colleague will be left financially disadvantaged.
“We have already informed our colleagues about the theft and we are helping them take the appropriate actions to safeguard their personal data.”
Morrisons said action taken included working with cyber crime authorities and the police to identify the source of the theft.
Experts have been brought in to help Morrisons staff ensure they are not financially disadvantaged, banks informed of the matter and a staff helpline set up.
Morrisons e-mailed staff to inform them of the data theft, while managers also informed workers at its sites. The company posted a Facebook statement, but some staff voiced disquiet that they learned of the breach in this way.
One staff member commented on the site: “I haven’t been informed of this and shouldn’t have to read it on here.”
Morrisons said: “We are very sorry that this has happened. We will ensure that no colleague will be left financially disadvantaged as a result of this theft.”
The criminal inquiry into the theft is being led by West Yorkshire Police.
Det Chief Insp Nick Wallen said: “We are supporting Morrisons and their investigation into these matters.”
The data leak came a day after Britain’s fourth biggest supermarket tumbled to a £176 million annual loss and issued a profits warning, its worst results for five years which sent shares down by 12 per cent. It led Morrisons to announce a £1 billion price-cutting programme to counter the impact of discount stores Aldi and Lidl. which it has more overlap than its main supermarket rivals.