A day after Morrisons supermarket recorded £176 million in annual losses, the payroll data relating to thousands of it employees, including bank account details, was stolen and published online.
Morrisons have informed the police of the theft, which it said it became aware of on Thursday night.
The retailer confirmed that all levels of its 130,000 employees were affected, including board members.
However, it would not comment on whether chief executive Dalton Philips was among them, and did not say how many staff members were affected.
Morrisons has since written to its all staff members to inform them of the data theft, while managers were also informing workers at sites.
The company posted a Facebook statement on the incident, reading: “We are very sorry that this has happened. We will ensure that no colleague will be left financially disadvantaged as a result of this theft.”
But some staff voiced disquiet that they learned of the breach in this way, with one person commenting on the social media site: “I haven't been informed of this and shouldn't have to read it on here.
The supermarket said in a statement: "On Thursday March 13 Morrisons was made aware that data from its staff payroll system had been stolen, published on the internet and sent on a disc to a newspaper.
“This data theft included bank account details. Morrisons immediately ensured it was taken off the website.
"Initial investigations suggest that this theft was not the result of an external penetration of our systems. We can confirm there has been no loss of customer data and no colleague will be left financially disadvantaged.
“We have already informed our colleagues about the theft and we are helping them take the appropriate actions to safeguard their personal data.”
Morrisons said it was urgently reviewing internal data security measures, and working with cybercrime authorities and police to identify the source of the theft.
Experts have also been brought in to ensure staff did not suffer financial losses.
The supermarket has also informed UK banks of the data theft and is working them to help them maintain account security, and it is setting up a helpline for employees.
The criminal inquiry into the data theft from Bradford-based Morrisons is being led by West Yorkshire Police.
Detective Chief Inspector Nick Wallen said: “We are aware of the situation and are supporting Morrisons and their investigation into these matters.”
Additional reporting by PAReuse content