Morrisons data leak: Thousands of staff to receive payout after details were posted online

Mr Skelton, a former auditor at Morrisons, posted it online and sent it to newspapers.

Morrisons had denied liability in the case, which had been brought by 5,518 current and former staff.

The ruling could open the door for the other 94,000 people affected to bring a compensation claim, lawyers said.

Following the ruling, Nick McAleenan of JMW Solicitors, acting for the claimants, said: "The High Court has ruled that Morrisons was legally responsible for the data leak.

"We welcome the judgment and believe that it is a landmark decision, being the first data leak class action in the UK."

In July 2015 Mr Skelton was found guilty at Bradford Crown Court of fraud, securing unauthorised access to computer material and disclosing personal data, and jailed for eight years.

His motive appeared to have been a grudge over a previous incident when he was accused of dealing in legal highs at work.

In October, Jonathan Barnes, counsel for the claimants, told Mr Justice Langstaff that the company had already been awarded £170,000 compensation against Mr Skelton.

He said the employees should also be compensated for the upset and distress caused by the alleged failure to keep their information safe.

Antonis Patrikos, head of cybersecurity at law firm, Fieldfisher, said the ruling was likely to be a "game changer" for firms.

"What is key to remember is that despite this breach being from within their own company from a trusted employee, even when the company is the victim of criminal activity, the responsibility for keeping personal data secure and confidential still lies with the organisation that decides how the data should be used, such as Morrisons in this case," he said.

"The key questions for organisations are: are we taking appropriate steps to protect the data and are we appropriately prepared to respond to incidents that put the data at risk".