A disgruntled Morrisons IT chief has been handed an eight year prison sentence for exposing the company’s 100,000-strong payroll database – including staff names, addresses and bank details – in revenge for being disciplined.
Bradford Crown Court had heard how IT auditor Andrew Skelton had been incensed when bosses accused him of using the HQ mailroom to send what they claimed was legal highs.
However, it transpired that he was simply receiving and posting goods he had bought and sold on eBay. But by then the damage was done. In his resignation letter, he wrote: “I have almost as little concern for the company as it does for me.”
Skelton was charged with fraud last November but denied all three counts. He even tried to cover his tracks by fingering a colleague and used his details to set up a fake email account, the court heard. The data breach cost Morrisons more than £2m to rectify.
David Holderness, reviewing lawyer at the Crown Prosecution Service’s Complex Casework Unit, said: “Andrew Skelton’s motive appears to have been a personal grievance over a previous incident where he was accused of dealing in legal highs at work.
“The potential loss to his victims and the sheer quantity of potentially compromised data was very significant and could have resulted in employees’ identities being stolen.
“The sentence imposed today sends out a very clear message that we will robustly prosecute serious fraudsters such as Skelton who believe they are above the law.”
Grudge sparked Morrisons breach
Staffer held over Morrisons breach
Graham: I’ll only spank the bad boys
Apple acts as scammers go wild
The naked truth about online data
Apple blames customers for breach
Breaches ‘everyday occurrences’
Half of eBay users now wary
Marketers shoulder hacking costs
Cyber gang banged up for 30 years