UK Supermarket Chain Morrisons Hacked, 100,000 File Data Breach
Fourth largest United Kingdom based supermarket chain, Morrisons, fell victim to a data breach Friday afternoon (March 14, 2014). Friday, the United Kingdom supermarket chain was notified that over 100,000 files had been leaked online of their employees personal details. Morrisons staff fear they may be at risk from fraudsters, after their bank account details were stolen and published online.
Morissons was unaware of the breach, a CD containing the publicly downloaded files was sent to the Bradford Telegraph & Argus newspaper, who then proceeded to notify the Morissons. The breach, was believed to be carried out by an insider with access to the payroll, as opposed to a hacker.
In a letter to employees and Facebook post, Morrisons stated:
‘We are extremely sorry to inform you that there has been a theft of colleagues’ personal information, which was uploaded onto a website. As soon as we became aware of this last night we took immediate steps to ensure the data was removed from the website. It was closed down within hours of us being notified’
‘The information included names, addresses and bank account details of colleagues. This affects colleagues from all levels of the organisation.’
The company has set up a hotline for employees who may fall victim to fraud, or for employees to inquire how they can better protect themselves.
Once the Facebook post went live, current employees, ex employees, along with the general public did not respond kindly in the comments. Comments inquired why the details were not encrypted, and how can they know the hotline or emails are safe to inquiry about stolen records.
As the records were publicly available online for download, the company has assured the public the link has been taken offline, and the files are not on such websites any longer. Morrisons and law enforcement are unsure how long the files were public before begin taken offline, but Morrisons is assuring “no colleague will be left financially disadvantaged as a result of this theft.” Morrisons has stated they are working hand in hand with police and the “highest level of cyber crime authorities.”
While they were unaware of such breach, Morrions is unsure if the cyber attack was orchestrated from the inside or not. They are asking all employees and former employees to send all inquires to firstname.lastname@example.org.