A UK worker is under arrest after publishing 100,000 employees’ payroll information. What can HR learn?
A supermarket employee has been arrested after releasing the bank details of about 100,000 employees of UK chain Morrisons.
The man was arrested on suspicion of making or supplying an article for use in fraud, according to local police.
The company said the data theft affected staff from all levels of the organization including the board, but said no staff would be left financially disadvantaged.
The supermarket became aware of the data theft late last week, and immediately emailed employees to inform them of the theft, with managers also informer workers onsite, but it is not known for how long the information was available.
The company was reviewing internal data security measures, with an investigation into the incident to be led by the CEO.
Employees took to social media to vent their anger, many criticizing the company for announcing the news on Facebook before all staff had been personally informed.
One wrote: 'A hack? So why weren't these details encrypted and what not?'
Another added: 'Reading about this on Facebook does not inspire confidence, we should have been notified by phone by our HR departments first thing this morning.'
HR Takeaways
The man was arrested on suspicion of making or supplying an article for use in fraud, according to local police.
The company said the data theft affected staff from all levels of the organization including the board, but said no staff would be left financially disadvantaged.
The supermarket became aware of the data theft late last week, and immediately emailed employees to inform them of the theft, with managers also informer workers onsite, but it is not known for how long the information was available.
The company was reviewing internal data security measures, with an investigation into the incident to be led by the CEO.
Employees took to social media to vent their anger, many criticizing the company for announcing the news on Facebook before all staff had been personally informed.
One wrote: 'A hack? So why weren't these details encrypted and what not?'
Another added: 'Reading about this on Facebook does not inspire confidence, we should have been notified by phone by our HR departments first thing this morning.'
HR Takeaways
- Have a communication plan
Prepare an internal communications plan before problems arise so HR can efficiently and effectively inform employees. - Train managers
These types of leaks often come from disgruntled employees. Training managers to recognize the signs and address the core causes of such negative feelings could prevent the problems from occurring. - Regular reviews
While it might sound like a job for IT, HR should ensure regular security reviews are taking place. Technology moves quickly, and employees can easily access information and resources online to help them circumvent security. Regular reviews will reveal risk areas that can be repaired before anyone can exploit them.
