Wm Morrison, the fourth biggest grocer in the UK, suffered a major theft of data from its staff payroll system, including bank account details, on the same day it issued a huge profit warning.
The firm said it was made aware yesterday that staff pay data had been published on the internet and sent on a disc to a newspaper.
Morrisons ensured the data was taken off the website and said it did not believe it had been the victim of an external cyber attack, implying the data was likely leaked by an employee.
"Initial Investigations suggest this theft was not the result of an external penetration of our systems. We can confirm there has been no loss of customer data and no colleague will be left financially disadvantaged."
It said it was working with the police and cyber crime authorities to identify the source of the theft.
Chief executive Dalton Philips was leading the firm's response to the theft. Morrisons said it was also urgently reviewing its internal data security measures.
The Bradford Telegraph & Argus newspaper said it alerted Morrisons to the leak of data, which it said contained the pay and bank account details of about 100,000 staff, from director level downwards.
The newspaper said it was anonymously sent a disc containing the information by a "concerned Morrisons shopper".
Morrisons employs about 132,000 across its business.
Ghe grocer posted its lowest annual profit for five years yesterday, issued a profit warning and sparked fears of an industry price war after saying it would invest £1 billion in price cuts over three years to win back customers who have switched to discounters.