A Morrisons employee has been arrested in connection with last week’s theft of bank details for some 100,000 Morrisons employees from the staff payroll system.
Morrisons on Friday scrambled to inform employees of the raid, emailing those who have corporate email accounts and hopping on social media to spread the word to those who don’t.
At the time, Morrisons said that initial investigations had suggested that there hadn’t been any external penetration of its systems, suggesting that the theft had been an insider job.
West Yorkshire police announced on Monday that they have, in fact, arrested a Morrisons employee “on suspicion of making or supplying an article for use in fraud.”
Detective Chief Inspector Gary Hooks of Protective Services (Crime) said that the employee – who is, of course, innocent until proved guilty – was arrested in Leeds on Monday morning in connection with an investigation into the theft of the banking details.
If the employee turns out to be guilty, it’s just one more example of how much damage can be done when sensitive data is handled by those who don’t deserve their employers’ (and colleagues’) trust.
Insider-assisted data theft is an acute threat for organisations.
Remember South Korea’s epic January 2014 breach?
That entailed an insider IT contractor who was arrested in the theft of 20 million South Korean credit cards – the largest-ever breach in the nation’s history.
Twenty million in South Korea. One hundred thousand from Morrisons.
Yeee-oow, insiders can sure put some hurt on a company.