18 July 2015


The UK Crown Prosecution Service has announced that Andrew Skelton, a former employee of the Morrisons supermarket group, has been found guilty of fraud, securing unauthorised access to computer material and disclosing personal data. Skelton was sentenced to eight years at Bradford Crown Court, in relation to stealing personal data belonging to nearly 100,000 Morrisons employees.

The CPS announcement states
Andrew Skelton was in a position of considerable trust with access to confidential personal information as Senior Internal Auditor at Morrisons. 
He abused this position by uploading this information - which included employees' names, addresses and bank account details - onto various internet websites. 
He then attempted to cover his tracks and implicate a fellow employee by using this colleague's details to set up a fake email account. 
Andrew Skelton's motive appears to have been a personal grievance over a previous incident where he was accused of dealing in legal highs at work. 
The potential loss to his victims and the sheer quantity of potentially compromised data was very significant and could have resulted in employees' identities being stolen. 
Currently Morrison's has incurred costs of almost £2 million as a result of this fraud, costs have included professional fees, legal fees and fees incurred through attempts to safeguard their employees.
The CPS alleged Skelton uploaded personal information — including employees’ names, addresses and bank details — to various websites and then attempted to cover his tracks.