International Cyber Expo International Cyber Expo
  • About Us
Monday, 13 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Morrisons rocked by employee data theft

by The Gurus
March 14, 2014
in Editor's News
Share on FacebookShare on Twitter

Supermarket Morrisons has reported a breach of 100,000 payroll data records.
 
The details were sent on a CD and passed to theBradford-based Telegraph and Argus. Morrisons said that its initial investigation did not point to the work of an outside hacker, but that there had been no loss of customer data. The details were of employees from store staff to board level, and had been posted online.
 
A Morrisons spokesman told BBC news that an investigation began last night. It said that it found out about the theft on Thursday just after it had reported a £176m loss, and warned that profits in the coming year would be less than £375m, about half the level of 2013.
 
In a note on its Facebook page, Morrisons apologised to colleagues for the theft and publication of the data. “As soon as we became aware of this last night we took immediate steps to ensure the data was removed from the website. It was closed down within hours of us being notified,” it said.
 
It confirmed that this was an illegal theft of data; can no longer be accessed on the website; and it was liaising with the police and highest level of cyber crime authorities.
 
“The information included names, addresses and bank account details of colleagues. This affects colleagues from all levels of the organisation. We are very sorry that this has happened. We will ensure that no colleague will be left financially disadvantaged as a result of this theft.”
 
Tim ‘TK’ Keanini, CTO of Lancope, said: “This breach is not the first and certainly not the last of its kind. By the tactics used, the behaviour is more of revenge or hacktivism because the perpetrators wanted the stolen data to be public. If they were cyber criminals, it would have been harder to find in the initial stages because it would have been for sale on some darknet and for a price. Also, the data being sent to a newspaper is another telling sign of the attacker wanting it to be a very public event.
 
“I also find it interesting that the attackers only went after the employee data when all the customer data that is stored could have been stolen and monetized. Either it was taken, and they don’t know it yet, or this is clearly not the cyber criminal profile in that this prize would have been much larger in numbers and would yield a higher price on the dark markets. When you look at this event and you ask yourself, is this what good incident response looks like? I’d give them a B- in my book.”
 
Sergio Galindo, general manager, of the infrastructure business unit at GFI Software, said: “The theft and subsequent republishing of payroll data not only creates several legal and regulatory issues, it also will have further negative impact on the company’s brand name and consumer confidence – as it would for any company that suffers a data breach.
 
“We’ve already seen this with Target in the US, which suffered substantial bad press and falling consumer confidence which combined to hit trading figures in the wake of its payment data theft.”
 
Paul Ayers, VP EMEA at enterprise data security firm Vormetric, said: “Even in the wake of the mammoth Target and Neiman Marcus data breaches, this latest incident suggests that organisations are still struggling to protect their data resources from
those already legitimately ‘inside the fence’.
 
“It is often a case of ineffective management of ‘privileged’ users on corporate networks that causes this type of data breach incident. Every organisation will have employees or contractors who have far reaching, privileged, computer network access rights – and it is how these users are controlled and secured that is often a weak link in the data security framework.
 
“Organisations must be regularly assessing their security position and, more importantly, constantly monitoring their IT systems to detect and respond to data breaches as soon as they happen. In turn, encryption of all data must be viewed as a mandatory, life-saving seatbelt. It’s only with a deep level of security intelligence and data-centric security that businesses will be able to spot suspicious activity as and when it occurs, and stop outside attackers and rogue employees alike in their tracks.”
 
Nick Banks, VP EMEA & APAC at Imation Mobile Security Group, said: “Whilst we await for more details to emerge, initial indications from Morrisons are that this was an ‘inside job.’ It is a stark reminder that the insider threat is just as present and powerful as that of an outside cyber attack.
“In giving employees access to sensitive and confidential data it is imperative that companies are able to track that data – who has accessed it, from where – in order to understand what devices it is sitting on and if it has been accessed by someone who shouldn’t have.”

ShareTweet
Previous Post

Security skills shortage is "a global challenge"

Next Post

Ministers criticised for sale of postcode database

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol