We've been featured in:

Morrisons Data Breach Compensation Claims Guide

Welcome to our Morrisons data breach guide. This explores what options you have if you suffer from a data breach by Morrisons supermarket.

Under the General Data Protection Regulation (GDPR), businesses and organisations such as supermarkets have a duty to protect the data they collect from customers, employees and other parties.

In this guide, we will explain what Morrison’s must do to uphold this duty towards your data. We will also define what a supermarket data breach is and advise victims on how they can make a claim for data breach compensation.

If you have evidence that you’ve been impacted by a Morrison’s data protection breach and wish to claim compensation, Legal Expert can help.

To begin your compensation claim, call us today for your free telephone assessment. If we can see that you have legitimate grounds to claim compensation we will provide you with a No Win No Fee solicitor.

Call us on 0800 073 8804 or use our online contact form to get answers to your questions or to enquire about claiming today.

Morrisons data breach claims guide

Select A Section

What Is A Data Breach Claim Against Morrison’s?

A data breach is when there is a breach of security in an organisation that leads to data exposure, loss, alterations of personal data, destruction of data, or individuals getting unauthorised access to information.

Data breaches can happen for different reasons, for example, they could happen due to a staff error, an insider threat or because of criminal activity, such as hacking.

While cybercrime is common nowadays, simple instances of human error can cause significant damage. For example, an employee may send out a marketing email that has a list of recipient’s names and email addresses attached to it.

Similarly, Morrisons may send a letter intended for a customer to the wrong address, sharing the customer’s personal data with another party. Or an unencrypted USB stick may be left in a shared computer, allowing unauthorised personnel to access confidential data.

A data breach can also occur because of an insider threat, whereby a person working inside an organisation can expose data or pass data onto a third party. This can happen by accident, due to an error.

It can also happen if a disgruntled employee acts in a malicious manner. Or an employee may be involved in criminal activity and use their insider status to give fraudsters access to the data, for example passing on files or a password.

In terms of a Morrisons data breach, indeed Morrisons could also be subject to a cyber attack. For example, hackers may get into the company’s cybersecurity system. Or fraudsters may use malware or phishing techniques to gain access to personal data, which they can use to commit identity theft or use to ransom the company.

Data that could be breached can include the following:

  • Names
  • Addresses
  • Telephone number
  • Email addresses
  • Online activity
  • Passwords
  • Payroll data
  • Banking information.

In some instances, a third party may be judged to be liable for the personal data breach or IT data breach. For example, a database services company, like Blackbaud, that has a contract with Morrisons could be responsible for the breach. In this case, you could look to make a data breach claim against the third party.

If you wish to claim data breach compensation, Legal Expert can help you. Call us today for your free consultation and if we can see that you might be eligible, we can provide you with a knowledgeable lawyer to handle your claim.

Ensuring A Business Complies With GDPR Regulations

The purpose of the GDPR is to make sure that organisations and businesses such as supermarkets act responsibly with the data they collect and store.

Under the GDPR, the following roles in the data collection and handling process are defined:

  1. A data controller is an individual role or organisation. Data controllers are responsible for collecting, processing and storing data in accordance with the GDPR.
  2. Some organisations employ a data processor, which is a business that will process and store data from stakeholders on the organisation’s behalf.
  3. The person whose data is collected, stored and processed on behalf of the organisation is known as the data subject.

Organisations and businesses such as Morrisons have to abide by the following principles as set out in Article 5 of the GDPR:

  • That data is processed lawfully, fairly and transparently
  • Set out in explicit terms the legitimate purposes for collecting data
  • That collected data is restricted to what is needed
  • That date is kept accurate and up to date
  • Data should only be kept and stored for as long as necessary
  • That data is processed and stored with integrity and confidentiality

How Morrisons Breached Data Protection Regulations

A Morrisons data breach made the news in 2020 when an individual employee stole the data of around 100,000 of his colleagues and posted it on the internet.

In 2013, a senior IT auditor at Morrisons named Andrew Skelton decided to take revenge against the business by downloading payroll data for 100,000 Morrisons staff onto a USB stick. He then published the data onto a file-sharing site in early 2014.

This left Morrisons staff vulnerable to financial losses, identity theft and will have caused many to suffer psychological distress. Understandably many wished to seek compensation.

Mr Skelton was subsequently charged and imprisoned. However, a class action was brought against the supermarket chain. The case reached the Supreme Court which held that it wasn’t vicariously liable for the actions of its lone employee. In this case, Mr Skelton was pursuing a ‘personal vendetta, seeking vengeance for the disciplinary proceedings some months earlier.’

Therefore, employers can only be held liable for the actions of their employees if they’re closely connected with their duties at work.

What Data Incidents Can Be Reported To The ICO?

If you have been negatively impacted by a data breach by Morrisons, the incident may be reportable to the ICO. In some cases, the supermarket could receive a data breach fine from the ICO.

We recommend that you take the following actions if you wish to report a Morrisons data protection breach to the Information Commissioner’s Office:

  1. Write a letter of complaint to the data protection officer of Morrisons, with details about the data breach. The ICO has a guide to raising concerns with some tips for making it impactful.
  2. If three months have passed without an adequate response, you can escalate the complaint by contacting the ICO, if you wish to (you are not legally obliged to contact the ICO).
  3. You may seek to take legal action. Contact Legal Expert today to enquire about finding a solicitor to handle your Morrisons data breach claim.

How Could The Victim Of A Data Breach Be Compensated?

If you have been the victim of a Morrisons staff data leak or a Morrisons data breach, you may be eligible to make a claim.

If your case is successful, you could be awarded two heads of claim:

  1. Non-material damages: Having your personal data exposed or misused is a violation of your privacy rights. For many people, a breach of personal data can be a traumatic experience and can result in them becoming depressed, anxious or experiencing stress. This head of claim, therefore, looks at the psychological impact of a breach.
  2. Material damages: If you have experienced identity theft as a result of a data breach by Morrisons this may have led to financial losses. (For example, fraudsters may be eligible to withdraw money from your online bank account). You may be able to claim back these losses as part of a claim.

How To Claim Morrisons Data Breach Compensation

To begin your claim for data breach compensation, contact Legal Expert today. We offer a free no-obligation telephone assessment for anyone looking to claim compensation.

If after speaking to you, we can see that you are eligible to claim compensation we can provide you with a No Win No Fee solicitor to handle your case.

Why Use A Data Breach Claims Expert From Our Team?

What are the benefits of letting a Legal Expert solicitor handle your claim?

  • Your solicitor will be able to value what your claim is worth accurately and will negotiate with the defendant on your behalf to win you the maximum amount of compensation you could be owed.
  • Our solicitors are experienced in this area of law, so your claim will be in safe hands.
  • You will have the option to have your claim handled on a No Win No Fee basis.

Read our online solicitors reviews, left by our previous clients to see how many were happy with the service they received.

No Win No Fee Claims Against Morrisons

If you can show that you have been harmed because of a Morrisons data breach, Legal Expert can handle your claim on a No Win No Fee basis.

This means that you will not have to pay an upfront solicitors fee before your solicitor starts working on your case. Instead, you will agree to pay your solicitor a small, legally capped fee.

You will only be charged a success fee on the condition that your solicitor wins your compensation claim, making the process less risky financially.

What’s more, your success fee will be paid out of your compensation package, so you don’t have to worry about finding the funds to pay for your claim upfront.

Crucially, if your claim doesn’t lead to compensation, you will not be charged any fees by your solicitor.

To learn more about making a No Win No Fee data protection breach claim, read our online guide today or call us to chat with an adviser.

Start Your Claim With A Data Breach Expert

To learn more about data breach claims or to speak with us today about pursuing a case, get in contact with using one of the following methods:

  • Call us today to speak to a claims advisor. Dial 0800 073 8804 to speak to us.
  • Write to us about your ordeal using our online compensation claims form.
  • Use the widget in the bottom right corner of your browser, to webchat with an advisor.

Learn More

We hope that this guide to making a data breach compensation claim against Morrisons has been helpful. To learn more, please feel free to look at these online guides.

Morrisons Data Breach FAQs

When did the Morrisons data breach take place?

This happened back in 2014.

What were the circumstances for the Morrisons data breach?

An employee, Andrew Skelton, would intentionally leak payroll data for his colleagues as retribution for a dispute with his employer.

What is an example of a data breach?

This includes stealing physical details, computers, mobile phones and USB drives containing personal information.

What are the 3 categories of personal data breaches?

These are confidentiality, integrity and availability breaches.

Who must inform a data breach?

The DPO would be the party responsible for informing the data breach.

Who would you contact if a high-risk personal data breach occurs?

The ICO is the organisation to report a data breach to.

How long does a company have to report a data breach to the ICO?

The organisation must report the data breach no more than 72 hours after learning about the breach.

How much money could organisations be fined for a data breach?

Fines could be in the seven- or even eight-figure range depending on how many people lose their data.

Thanks for reading our guide to making a claim following a data breach by Morrisons. But please get in touch if you wish to make a compensation claim after a Morrisons data breach.