Post-breach, Cathay Pacific hit by group action by UK law firm

Hacking makes the money makes the world go round.

Post-breach, Cathay Pacific hit by group action by UK law firm

Fresh from launching a £500 million group action against British Airways after a serious security breach, UK law firm SPG Law has wasted no time responding to the announcement last week of a hack at Cathay Pacific which saw the personal data of 9.4 million Cathay Pacific passengers breached.

SPG Law is inviting customers of Cathay Pacific to visit its website at cathaydatabreach.com (they were obviously quick off the draw setting that up…)

Cathay claim

What shocked many people about the Cathay Pacific data breach is the months and months it took for the company to announce publicly that it had suffered a data breach.

In its announcement last week of a “data security event”, the airline revealed that it had first detected “suspicious activity” on its network in March 2018 and confirmed that there had been unauthorized access to personal information in early May 2018.

That length of delay is clearly bad news for those passengers who had their names, nationalities, dates of birth, phone numbers, email addresses, addresses, passport numbers, identity card numbers, frequent flier membership numbers, customer service remarks, historical travel information, and (in some cases) credit card numbers accessed by hackers.

But never fear, SPG Law (and no doubt other law firms) are offering to apply some pressure on Cathay Pacific to cough up some compensation.

SPG Law, which is the newly-launched UK division of US law firm Sanders Phillips Grossman, estimates that each affected traveller may be able to claim thousands of dollars against Cathay Pacific, and notes that the airline may be failing to fulfil its requirements under GDPR by not offering any financial compensation for European individuals who suffer direct financial losses or non-material damage.

Group actions against hacked companies are a regular sight in the United States, but are relatively new here in the UK.

My hunch is that while big organisations continue to suffer serious security breaches, we’ll continue to see opportunistic law firms helping the public receive some compensation (and skimming off a tidy sum for themselves, of course).

Businesses may be well-minded to consider that fact when they dawdle for months over disclosing a data breach.

Tags: , ,

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, ,

One Response

  1. Jim

    November 3, 2018 at 8:58 am #

    I wonder if a law firm will go after Equifax and Curry’s? Sign me up, providing they don’t want any money first of course!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.