Food Manufacturer employees seek legal action after cyber attack
In December of 2021, Greencore Group PLC, one of the UK’s leading manufacturers of convenience foods, was hit by a data breach as reported by Food Manufacture and also The Warrington Guardian. Which both reported that the personal and financial details of thousands of current and former employees were compromised in the attack.
Solicitors representing the claimants said the action was being brought because Greencore had failed to take adequate steps to protect its employees’ data.
Content Quick Links:
Unauthorised third-party Entry to IT Systems
A letter sent out to employees in February 2022, Greencore claims to have experienced an 'IT incident' to a part of their network and that the disruption was caused by unauthorised third-party gaining access to their systems. Employees' personal information such as roles, salaries, personal details such as date of birth, National Insurance numbers and banking details were compromised in the breach.
The number of people affected by the data breach at Greencore is unlcear but is of great concern since the company has over 13,000 employees across 35 locations in the UK and Ireland. Now those workers are working with specialist data law firm Hayes Connor Solicitors and are considering whether to seek compensation.
Legal Director, Christine Sabino of Hayes Connor, has commented on the incident, saying:
“The information we have received is hugely concerning, and further answers are clearly needed.
“Greencore claims there is no evidence that data has been misused, but there is no way to tell for certain that this is the case. No guarantees can be provided about the future either.
“This company employs thousands of people across a range of sites, but no real indication has been provided on how many have been affected. While we have heard first-hand from a number of people worried by these developments, there will likely be many more who are also concerned about what has happened.
“Employers have a duty to ensure that incredibly sensitive information is kept safe and secure, so this type of incident warrants a significant investigation. We have started to make our own enquiries into the case and are determined to ensure that our clients get the answers and justice they deserve.”
Greencore has not yet released any information about how the breach occurred or who is responsible for it. But a spokeswoman from the company said:
"In December 2021 Greencore was subject to such an IT security incident but we were able to follow our incident response planning, taking immediate action to contain the incident and secure our systems.
"We’ve also been working alongside a team of IT forensic experts who continue to investigate the incident. They identified evidence suggesting some data was accessed by the unauthorised third party behind the incident.
"We have therefore been notifying those involved, which does include our current and former employees.
"We’ve been working hard to ensure they are fully supported by the business, offering free access to credit and/or identity monitoring services for twelve months and putting in place a team to answer questions they may have.
"This support is still available, and we encourage anyone we have notified to contact us for further support."
Employee data breaches are on the Rise
The legal case is still in its early stages, and it is not yet clear how it will proceed. However, the case could have significant implications for Greencore and other companies that suffer data breaches.
Employee data breach claims are becoming increasingly common and costly, adding a financial burden for businesses that can already face hefty fines if data is stolen.
If the employees are successful in their lawsuits, it could set a precedent requiring companies to take more responsibility for protecting employee data. It could also lead to increased regulation of how companies handle and store personal information.
This case is one to watch in the coming months, as it could significantly impact how companies deal with data breaches and protect employee information.
How to Prevent Employees' Data Breach Law Suits
Employee data is desirable to criminals. The information companies hold about their employees is often highly sensitive, and employers have far more details about their employees than they do about their customers. If this information falls into the wrong hands, it can be used to commit identity theft or fraud.
To avoid such lawsuits, employers need to take steps to ensure that their employee data is secure. Here are some tips on how to do this:
1. Encrypt all employee data - This means that even if someone does manage to get their hands on the data, they will not be able to make sense of it without the key. There are many different encryption algorithms available, so employers should choose one appropriate for their needs.
2. Restrict access to employee data to only those who need it - There is no reason for everyone in the company to have access to employee data. By restricting access to only those who need it, employers can reduce the chances of someone accidentally or deliberately leaking the data.
3. Regularly review who has access to employee data and revoke access when necessary -Even if an employee leaves the company, their access to sensitive data should be revoked. This can be done using an access control system that automatically revokes access when an employee’s status changes.
4. Ensure that all employee data is backed up and that the backups are secure - In the event of a data breach; having backups will ensure that the data can be recovered. The backups should be stored in a secure location, such as an off-site data centre.
5. Employees should be trained on security risks and best practices on protecting personal data - They should be taught how to create strong passwords, spot phishing emails, and report any suspicious activity.
6. Use strong authentication methods for accessing employee data - This could include two-factor authentication or biometric authentication.
7. Comply with UK General Data Protection Regulation (UK GDPR) - This regulation requires employers to take steps to protect the personal data of their employees.
8. Develop formal policies and procedures - Organizations should develop formal policies and procedures for managing employee data. These should be reviewed and updated on a regular basis.
By taking these steps, employers can ensure that their employee data does not fall into the wrong hands, is secure and less likely to be targeted by criminals and can help avoid potential legal problems.
It’s important to remember that no security measure is 100% effective and that companies should have a plan in place for how to deal with a data breach if one does occur.
When Was The Last Time You Had A Cyber Risk Assessment?
Think Cloud are award-winning Cyber Security Specialist based in Hull, East Yorkshire. Check out how our outsourced Cyber Security can help your business: Outsourced Cyber Security Protection
We assist organizations of 10–250+ users in reducing Cyber Security risk by assisting them in taking full advantage of our Essential Cyber Security Solution. We also provide comprehensive cyber security training and have made our key courses free to all UK Organisations.
Don't Be A Sitting Duck; Things Have Changed. Cyber Attacks Are Up! Learn how to stop hackers, including the secrets to protecting your business. Take-free training today
Free - Sign up for our free Cyber Security Master class + Learn how to Reduce your Human Cyber Risk here
THE NORTH’S PREMIER CYBER SECURITY & MANAGED IT PROVIDER!
At Think Cloud We Help You Work Faster, Work Smarter, Work Better - Together!
If you like to Think different and want access to more inspirational content then head over to our 'The Hack Podcast' pages.
Based in the heart of the digital tech hub in Hull, East Yorkshire, find out how Think Cloud's award-winning IT Support can empower your business to operate more efficiently.
Award-Winning Cyber-Security & IT Solutions for 10 - 250+ Staff.
Share this post: