UK lawyers are preparing a class action suit against Cathay Pacific, claiming that the firm is liable for compensation “under the relevant data protection laws.”
SPG Law, which claims to draw on some of America’s top class action lawyers, has already registered the cathaydatabreach.com domain and is inviting those affected to get in touch.
Explaining that its sister law firm in the US has already won over $1bn in compensation in similar cases, the firm claimed that passengers hit by the Cathay Pacific breach earlier this year could be in line for “significant compensation in the thousands, or possibly tens of thousands, depending on circumstances.”
“The breach is even more serious than that committed by BA in September 2018 in that Cathay Pacific customers like you have suffered from far more substantial personal data being leaked,” a statement on the site noted.
“You have a right to compensation from Cathay Pacific for this data leak in accordance with data protection laws. You can be compensated for inconvenience, distress and annoyance associated with the data leak. It is time to stand up to them and take action.”
However, there’s no mention of the GDPR on the site, despite previous reports claiming the firm had cited Article 82 of the new data protection law as key.
The Hong Kong carrier has been widely criticized for its handling of the breach, which it said affected 9.4 million customers. However, the incident's timing appears to fall before the introduction of the GDPR on May 25.
The firm is said to have first noticed suspicious activity in March but confirmed data had been accessed in early May.
Either way, the new action is another reminder of the potential legal costs for firms that suffer a major breach.