WM Morrisons first class-action lawsuit of its kind represents a sea change for mishandling of data | ZoneFox | Insider Threat Detection


06 Dec

The recent landmark verdict from the WM Morrisons trial — whereby former employees sued the supermarket chain for mishandling their payroll information, which was purposefully leaked online by a disgruntled worker — should serve as a wake-up call for companies of all shapes and sizes (‘Morrisons faces payout over leak of staff pay data’, December 1). Much more needs to be done to protect data across the organisation; all too often, companies focus their cyber investment on external threats, when instead they should concentrate on what lurks within.


WM Morrison will now have to pay compensation to thousands of staff after a judge ruled that the company was “vicariously liable” for the actions of the irked employee who stole the salary and bank details of colleagues. This represents a sea change in how these cases are dealt with, as it is the first class-action lawsuit of its kind. Although Morrisons is now disputing the verdict, this undoubtedly sets a precedent for businesses that hold data on their staff: the issue may stem from an individual, but the repercussions can now be severe and company-wide. As such, it’s never been more vital for organisations to lock down their data and hunt threats in a truly proactive manner, rather than waiting for an attack to happen and then scrambling to remediate it.

It may be a term that evokes cloak-and-dagger espionage, but ‘insider threats’ covers a plethora of internal vulnerabilities. It could be that someone in a call centre takes pity on an individual who claims they can’t remember their banking password and gives them a few helpful hints, or it could be someone ringing up pretending to be from tech support in order to gain sensitive administrative login details. Either way, the repercussions are monumental for businesses. They need insight into how data traverses the network and to be in a strong defensive position that actively protects all stakeholders from suspicious activity.

This case is proof that, regardless of whether malicious or accidental, the insider threat is a very real and present danger to both data and a company’s finances. To think otherwise is grossly misguided.

Jamie Graves

Jamie is a data security and enterprise software entrepreneur. He has a PhD in Computer Science, and extensive security and digital forensics experience. He currently leads the ZoneFox team, has attended the prestigious Ignite course at Cambridge University’s Judge Business School, and the Entrepreneur Development Programme at The Massachusetts Institute of Technology (MIT). Jamie was a Finalist at the 2011 John Logie Baird awards in the Young Innovator of the Year Category, and received Edinburgh Napier University’s prestigious Young Alumnus of the Year Award 2011.