Lawyers have demanded answers after a national sandwich maker with a hub in Dundee was hit by a major cyber attack.
Greencore Group PLC, which operates a distribution hub in Fowler Road, was rocked by the serious data breach in December 2021.
Now legal firm Hayes Connor says it is being contacted on an “almost daily basis” by worried current and former employees who fear their identities could be stolen.
Hackers were able to access internal business documents at the firm, which operates 35 sites across the UK and Ireland.
The files contained information on current and former Greencore staff including data outlining their roles and salaries.
It’s also understood personal information including bank account details and National Insurance numbers were also compromised.
The firm suffered a cyber-attack
Greencore, which boasts an annual turnover of £1.3 billion, claims to be the world’s largest pre-packed sandwich maker with customers including M&S.
The firm produce around 645 million sandwiches and other food items from its vast rang of around 2,100 products.
The company said it took immediate steps to contain the breach and launched an investigation which revealed the attack had come from an “unauthorised third party”.
The company eventually wrote to current and former employees affected by the attack in February but have refused to confirm how many people have had sensitive information breached.
Personal data breached
However, it is thought the number could run into the hundreds or even thousands, given Greencore currently employs around 13,000 staff, including around 100 at its three Scottish distribution hubs in Dundee, Glasgow and Inverness.
In the wake of the attack, specialist data breach law firm Hayes Connor has described the breach as “hugely concerning” and added that staff needed to be told of the true extent of the attack.
The legal firm added that it was now being contacted “on an almost daily basis” by concerned Greencore employees seeking legal advice.
The firm said it was now representing over 35 individuals affected by the data breach and expects that number to grow significantly.
Christine Sabino, representing those affected, said: “The information we have received is hugely concerning and further answers are clearly needed.
“Greencore claims there is no evidence that data has been misused, but there is no way to tell for certain that this is the case.
Legal action
“No guarantees can be provided about the future either.
“This company employs thousands of people across a range of sites, but no real indication has been provided on how many have been affected.
“While we have heard first-hand from a number of people worried by these developments, there will likely be many more who are also concerned about what has happened.
“Employers have a duty to ensure that incredibly sensitive information is kept safe and secure, so this type of incident warrants a significant investigation.
“We have started to make our own enquiries into the case and are determined to ensure that our clients get the answers and justice they deserve.”
Commenting on the cyber-attack a spokesperson for Greencore Group PLC said: “We take matters of data security extremely seriously and as a business we had prepared for potential IT incidents of this type, knowing that they were on the rise.
Attack occurred in December 2021
“In December 2021 Greencore was subject to such an IT security incident but we were able to follow our incident response planning, taking immediate action to contain the incident and secure our systems.
“We’ve also been working alongside a team of IT forensic experts who continue to investigate the incident.
“They identified evidence suggesting some data was accessed by the unauthorised third party behind the incident.
“We have therefore been notifying those involved, which does include our current and former employees.
“We’ve been working hard to ensure they are fully supported by the business, offering free access to credit and/or identity monitoring services for twelve months and putting in place a team to answer questions they may have.
“This support is still available and we encourage anyone we have notified to contact us for further support.”
