In December 2021, Greencore began to experience some IT disruption. The business, which is a leading UK manufacturer of convenience foods, looked into the incident and discovered that it had experienced a cyberattack. In response, the company was forced to shut down some of its systems. Following the security failure, Greencore investigated the incident and uncovered that some HR data had been accessed.
In February 2022 – two months after the attack – Greencore wrote to employees to warn them that their personal information might have been exposed. The stolen information related to current and former Greencore employees. It included:
This is a significant amount of personal information and the delay in notifying those affected meant that employees were not given the chance to secure their personal data between then and now. As information stolen in breaches is often used by cybercriminals, this delay left Greencore employees vulnerable to cyber fraud and scams.
Following the breach, we advised all affected current and former Greencore employees to be vigilant.
When data is compromised in a security incident, it is often shared and sold on the dark web. And, while Greencore informed its employees that “the manner in which the data was stored means that it is not easy for someone to access and/or read” this did not mean that it wouldn’t be used by criminals.
Greencore stated that it was “confident that none of your information has been shared online or otherwise misused following the incident and we also believe that the risks of this happening at anytime are minimal”. However, it could not guarantee the safety of the data.
Similar data breaches have resulted in fraud, blackmail, and identity theft, so Greencore employees were at high risk of being targeted by cybercriminals.
See our answers to the FAQs we were asked about the Greencore data breach.
In December 2021, Greencore experienced a cyberattack. Greencore investigated the incident and discovered that some HR data had been accessed. This information related to current and former Greencore employees.
The stolen information included:
If you were affected by the data breach, Greencore should have been in touch to notify you.
Greencore claims the delay was justified because, while it became aware in December 2021 that it had experienced a cyberattack, it was only after investigation that the business discovered that current and former employee data was accessed in the attack.
Greencore could not fire employees for making a data breach claim.
An employer cannot fire you or harm your career in any way if you make a compensation claim. Greencore would be breaking employment law if it did, and any action could be classed as discrimination.
Our action is now closed.
KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.
KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.
