A former employee of UK supermarket chain Morrisons has been jailed for eight years after leaking the personal details of 100,000 employees on the internet.
The Crown Prosecution Service (CPS) revealed that 43-year-old Andrew Skelton was found guilty of three charges of fraud at Bradford Crown Court, despite denying the charges.
Skelton had access to sensitive company information in his position as a senior internal auditor, including bank details, salaries and National Insurance details, which he leaked to several newspapers and posted on data sharing websites.
The jury heard that Skelton had leaked the information in anger after receiving an official warning about using Morrisons' post room to send personal packages, which he was accused of using to sell legal highs from work.
Skelton then tried to cover his tracks by setting up a fake email account to implicate a fellow employee in the data leak.
A Morrisons spokesperson told V3 that Skelton had abused his positon of trust, and expressed gratitude for the efforts of West Yorkshire Police in bringing him to justice.
"The guilty verdict and the eight-year prison sentence he received helps to bring closure for us and our employees following this incident. All our colleagues were offered identity theft protection as a result of this crime at a significant cost to the company," the spokesperson said.
David Holderness, a reviewing lawyer from the CPS for Yorkshire and Humberside, said that Skelton's actions cost the firm a substantial amount of money.
"The potential loss to his victims and the sheer quantity of potentially compromised data was very significant and could have resulted in employees' identities being stolen," he said.
"Currently Morrisons has incurred costs of almost £2m as a result of this fraud. Costs have included professional fees, legal fees and fees incurred through attempts to safeguard employees.
"The sentence imposed today sends out a very clear message that we will robustly prosecute serious fraudsters such as Skelton who believe they are above the law."
A virtual proxy war rages between hackers and cyber security firms, and protecting against malicious data leaks and cyber crime is becoming a major problem for the enterprise world.
A significant number of data leaks can be traced to user errors and lax efforts by enterprise employees to follow good data security techniques. V3 recently spoke to Dropbox on this topic, which said that poor password practices are a significant contributor to data leaks.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal