Morrisons Breach Update

The UK's highest court ruled that Morrisons cannot be liable for a criminal act of a person seeking to harm their business. On April 1st, 2020, a panel of five justices unanimously ruled that Morrisons was not "vicariously liable".

After the alleged Morrisons Breach last year, sensibility has prevailed. As a CISO and as a business owner, I thought it crazy to prosecute a company for the criminal actions of an individual seeking to harm the business.

Morrisons Breach, what happened?

If you are not familiar with the Morrisons Breach story, an IT administrator within Morrisons had a grudge against the business and decided to use their elevated privileges to access the HR system and leak the payroll of around 100,000 members of staff. The incident happened after the IT administrator received an HR warning for their actions.

The Register has a good article on the original breach here.

Could it have been prevented?

A business's biggest asset is its people. Encouraging a culture of discussion of unusual behaviour without fear of retaliation is a good start. Background checks, monitoring and spot checks are all permissible in the UK when there is transparency and employees are informed. Making routine background checks a part of the HR process for role changes and promotions should be part of business life.

Treat your staff well and do not just monitor them at the outset. Many of these cases start with a disgruntled employee. Businesses can use “speak-up” initiatives to allow staff to raise grievances both formally and informally.

From a technical aspect, there are controls to implement. It is a case of looking at the dataflow and identifying the right tool for each step. Looking back at this case, we have a series of steps:

  1. Access to the HR System
  2. Aggregation of information
  3. Transmission of information

Access Controls

The easiest of the controls to address is the access controls. IT administrators need to be able to control systems, but there should always be a log. The log should detail the following:

  1. Who accessed the system;
  2. What time and date; and
  3. Activities performed.

These logs should be reviewed every week by the department head.

While discussing logs and log data, shared user accounts must be forbidden. All administrators should access systems using their own account and use their elevated privileges via admin or sudo functions.
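The weekly review described above can be prepared from sudo's own syslog entries. The following is an added example, not code from the original article: it extracts who, when and what from each sudo line, groups activity per administrator, and flags any command run from a shared account. The log lines are constructed, and the names in SHARED_ACCOUNTS are assumptions to be replaced with your own.

```python
import re
from collections import defaultdict

# Assumption: account names at this site that are not tied to one named person.
SHARED_ACCOUNTS = {"root", "admin", "hradmin"}

# sudo syslog line: "<time> <host> sudo: <user> : TTY=.. ; PWD=.. ; USER=<target> ; COMMAND=<cmd>"
SUDO_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo:\s+(?P<who>\S+)\s:\s"
    r".*?USER=(?P<target>\S+)\s;\sCOMMAND=(?P<command>.+)$"
)

# Constructed sample log lines (not taken from the Morrisons incident).
SAMPLE_LOG = """\
Mar  9 09:14:02 hr-db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart postgresql
Mar 10 22:41:17 hr-db01 sudo:  hradmin : TTY=pts/1 ; PWD=/srv/hr ; USER=root ; COMMAND=/usr/bin/pg_dump hr_payroll
Mar 11 10:02:55 hr-db01 sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/tail /var/log/syslog
Mar 11 10:03:10 hr-db01 cron[411]: (root) CMD (run-parts /etc/cron.hourly)
"""

def parse_sudo_events(log_text):
    """Return one dict per sudo event: when, host, who, target user, command."""
    events = []
    for line in log_text.splitlines():
        match = SUDO_RE.match(line)
        if match:  # non-sudo lines (cron, sshd, ...) are skipped
            events.append(match.groupdict())
    return events

def weekly_review(events):
    """Group activity by person and collect events run from shared accounts."""
    by_user = defaultdict(list)
    flagged = []
    for event in events:
        by_user[event["who"]].append((event["when"], event["command"]))
        if event["who"] in SHARED_ACCOUNTS:
            flagged.append(event)
    return dict(by_user), flagged

if __name__ == "__main__":
    by_user, flagged = weekly_review(parse_sudo_events(SAMPLE_LOG))
    for who, actions in sorted(by_user.items()):
        print(who)
        for when, command in actions:
            print(f"  {when}  {command}")
    for e in flagged:
        print(f"SHARED ACCOUNT: {e['who']} on {e['host']} at {e['when']}: {e['command']}")
```
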

Aggregation of Information

Endpoint monitoring solutions such as Data Loss Prevention tools will identify when information is aggregated and disseminated.

Transmission of Information

Mobile media controls will further enhance this, preventing the movement of aggregated information to external media. Data Loss Prevention tools will identify the transfer of aggregated information via email or copying to the internet.


Can we help?

If you have any questions or would like to know more about how Hedgehog can help you and your business, please use the contact form below or any of the various ways on our site to get in touch.

Author Details
Founder & CEO at Hedgehog Security

Peter has been in the Information Security world since 1999 and in IT in general since 1996. His work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. Peter is a proud father of twins and enjoys GT endurance racing on the weekends.
