LONDON (Reuters) - Wm Morrison, Britain’s No. 4 grocer, suffered a major theft of data from its staff payroll system, including bank account details, on the same day it issued a huge profit warning, it said on Friday.
The Bradford, northern England-based firm said it was made aware on Thursday that staff pay data had been published on the internet and sent on a disc to a newspaper.
Morrisons ensured the data was taken off the website and said it did not believe it had been the victim of an external cyber attack, implying the data was likely leaked by an employee.
“Initial investigations suggest that this theft was not the result of an external penetration of our systems. We can confirm there has been no loss of customer data and no colleague will be left financially disadvantaged,” it said, adding it was working with the police and cyber crime authorities to identify the source of the theft.
Chief Executive Dalton Philips was leading the firm’s response to the theft.
Morrisons said it was also urgently reviewing its internal data security measures.
The Bradford Telegraph & Argus newspaper said it alerted Morrisons to the leak of data, which it said contained the pay and bank account details of about 100,000 staff, from director level downwards.
The newspaper said it was anonymously sent a disc containing the information by a “concerned Morrisons shopper”.
Morrisons employs about 132,000 across its business.
On Thursday, the grocer posted its lowest annual profit for five years, issued a profit warning and sparked fears of an industry price war after saying it would invest 1 billion pounds ($1.7 billion) in price cuts over three years to win back customers who have switched to discounters.
Reporting by James Davey; Editing by Brenda Goh and Mark Potter