cloudThing logo in white
Menu open icon
tel: +44 (0) 121 393 4700
Menu closed icon


Generally useful pages


We know loads about this stuff

What we do

The Building Blocks for cloudThing Magic

Ariel view of supermarket shelves fully stocked

UK Supreme Court Rules Morrisons Can't Be Held Responsible

Sun Apr 05 2020

Morrisons was facing compensation claims from thousands of former and current employees over a 2014 data breach

Last Wednesday (01/04/2020), the Supreme Court ruled that the supermarket group, Wm Morrisons, couldn’t be held accountable for a 2014 data breach after a former employee posted personal details of over 100,00 members of staff online. 


Their victory in the Supreme Court ends a six-year legal struggle for the supermarket chain in which they were fighting possible compensation claims from thousands of current and former employees over the breach.


Back in 2017 Morrisons was originally held to be accountable by the High Court after Andrew Skelton, a former IT auditor working for Morrisons, published employee data online.

In a separate, criminal prosecution he was convicted of this and sentenced to eight years in jail.

Morrisons had given him authority in 2013 to send confidential payroll information for all their staff to external auditors in the exact same way he had previously done the year prior.

However, whilst he did send the information to the auditors, he also created a ‘personal’ copy which he eventually uploaded to a website and also sent anonymously to three separate newspapers. 


Upon learning of the breach Morrisons immediately took steps to remove their employee’s data from the website as well as notifying the Police.

Even so, a large group of Morrison employees later filed a law suit against the group, stating it was in breach of it’s statutory duty under the Data Protection Act by misusing private details of it’s employees and also breaching their confidentiality.


After the High Court found in favour of the employees Morrisons appealed to the Court of Appeal, which also agreed with the High Courts 2018 ruling.

Morrisons then brought the case to the Supreme Court which has now overturned all previous rulings…

open quote mark

The circumstances in which Skelton committed wrongs against the claimants were not such as to result in the imposition of vicarious liability upon his employer

Supreme Court judge Robert Reed

close quote mark

He continued to say that an employer couldn’t be held vicariously liable if the employee at fault (in this case Skelton) wasn’t engaged in the activity of expanding his employer’s business and in fact was actively pursuing a personnel agenda to harm his employer.


In their official ruling after the judgement was read Morrisons said:

open quote mark

We also know that many colleagues appreciated the way we got the data taken down quickly, provided protection for their bank accounts and reassured them that they would not, in any circumstances, be financially disadvantaged. In fact, we've seen absolutely no evidence of anyone suffering any direct financial loss.

Morrisons Spokesperson

close quote mark

Not quite Ready to get back to work just yet?

15 Cyber Security 'Things' To Safeguard Your Business

Taming Digital Chaos

Contact Us

If you're worried about Data Breaches within your organisation cloudThing will be happy to discuss how you can protect yourself



Company Name


Email Address


Telephone Number

Is there anything else you'd like us to know?

© cloudThing 2021

Sun Apr 05 2020

© 2020 Copyright cloudThing ltd. All rights reserved. Company registered in England & Wales no. 7510381, VAT no. 152340739