"We are extremely sorry to inform you that there has been a theft of colleagues' personal information, which was uploaded onto a Web site," the company stated in a letter to employees, which it also posted on Facebook. "As soon as we became aware of this last night we took immediate steps to ensure the data was removed from the Web site. It was closed down within hour of us being notified."
The stolen data included the names, addresses and bank account details of employees at all levels of the organization.
"We are currently working with Experian and the major banks to ensure that we provide full support and assistance to all affected colleagues," the company stated. "This will include support and advice around protection of your bank account."
According to the Daily Mail, the breach was perpetrated by an insider with access to the payroll data, not by a hacker. "Initial investigations suggest this theft was not the result of an external penetration of our systems," Morrisons said in a statement.
The company didn't learn of the breach until a member of the public downloaded the data onto a CD and sent it to the Bradford Telegraph & Argus.
Photo courtesy of Shutterstock.