On 13 March, supermarket retailer Morrisons confirmed that it had suffered a large security breach, with personal details of around 100,000 staff stolen from its payroll system, according to reports.
With Morrisons ruling out an external cyber attack, the likely cause is insider theft. The company stated it had been the victim of an "illegal theft of data", which was removed from the website it was uploaded to within hours. The stolen data, containing employee salary and bank details and affecting nearly all of the supermarket chain's staff, was reportedly sent to a local Bradford newspaper.
Morrisons is working with West Yorkshire Police and cyber crime authorities to determine the source, as well as Experian and the major banks to provide support to employees. Customer data is unaffected.
Paul Kenyon, co-founder and EVP of global sales at Avecto, commented: "It appears Morrisons has been the subject of an insider attack. Organizations can invest a huge amount protecting their networks and data from outside attacks, but those defences mean little against a rogue employee with an agenda, or even an unintentional error.
"We should give Morrisons credit as it has done all the right things in the aftermath. It reported the theft to the authorities, urgently reviewed its internal security measures and ensured its response is being led right from the top of the company.
"It's difficult to defend against the insider threat but there are steps that can be taken. Limiting the number of administrative accounts and controlling access efficiently can go a long way to minimising the risk."