Morrisons' 2014 data leak was a revenge hack from former employee

The case of 43 year-old Andrew Skelton is the best possible example of why you really shouldn't take business things personally.

If you don't know who Andrew Skelton is, here is his story:

Skelton worked as an IT auditor at the British supermarket Morrisons, and was incorrectly disciplined for receiving packages at the company’s head office in Bradford. Morrisons initially believed that one package contained drugs but it transpired that Skelton was using the mailroom for to buy and sell goods on eBay.

Apparently, he bore a grudge over this disciplinary misunderstanding, which is why he decided to steal and leak the company's entire 100,000 payrol database to journalists back in 2014.

The firm said it believed that the punishment was at the heart of his decision to leak data that had it fallen into the wrong hands would have constituted one of the most serious data breaches in British corporate history.

The data was briefly posted on a website and sent to journalists of several newspapers, who alerted police and the company to the breach, resulting in Skelton's quick arrest.

Skelton also write a resignation letter in the days before the incident in March 2014. “I have almost as little concern for the company as it does for me,” he is alleged to have written.

Morrisons claims that investigating and remediating the theft cost it £2 million, Computer World UK writes in a report.

"With Morrisons' estimated £2 million bill to fix this data breach, this particular clean-up will be significantly more expensive than a spillage in aisle four,” commented EMEA sales vice president for cloud security firm Netskope, Eduard Meelhuysen.

"These findings show that companies must monitor apps in use by employees and coach them towards approved solutions, as well as setting policy to prevent the upload of sensitive information which could result in a costly data breach."

Comment from Luke Brown, Vice President & GM, Europe Middle East Africa India & Latam at Digital Guardian:

"This latest breach demonstrates the seriousness of ‘insider threats’. A recent survey by the SANS Institute confirmed the insider threat is a key concern for security professionals. And yet, of the 770 businesses polled, 32 per cent had no systems in place to protect against insider attacks.

"Spotting cyber security incidents arising from within a company can be particularly tricky because the perpetrator may have legitimate access - and in this case, they did. It’s the classic Trojan Horse scenario. There are numerous technologies out there designed to insider threats, and small investments can go a long way. Deploying data aware cyber security solutions removes the risk factor associated with disgruntled employees and insider threats because even if someone has access to the data, they are prevented from copying, moving or deleting it without approval.

"Morrisons is just the latest target of an insider breach, but it certainly won’t be the last. Organisations and businesses must prioritise security to fully protect their most valuable asset – their sensitive data - which is simply irreplaceable once lost."

Comment from Todd Partridge, director at Intralinks:

“Companies spend millions defending their data against malicious activities from beyond the corporate firewall yet their own employees are routinely breaching IT policies and placing company documents at risk. Whilst human error can be innocent, companies often fail to recognise the risks their own staff may pose. Morrisons is certainly aware of this threat after spending £2 million to clear up the consequences of a data breach after a disgruntled auditor leaked bank and pay details of 100,000 store staff.”

“This news highlights how the consequences of an attack from the inside can be every bit as serious as being hacked from the outside. Research by the Ponemon Institute shows that 51 per cent of respondents aren’t convinced their organisations have the ability to manage and control user access to sensitive documents and how they are shared. Businesses therefore need to be investing in technological solutions which offer failsafe mechanisms to enable safe collaboration and secure sharing.

"Some advanced collaboration and document sharing solutions now offer an “unshare” feature, which revokes access to shared files regardless of whether they have been copied, shared or saved elsewhere. If the document needs to be retracted for any reason, every trace of it can be destroyed in a click.

"Controls like this can give a company peace of mind that the next employee with a grudge won’t land them with data leak fines and clear up costs.”