Cathay Pacific data leak: British-based law firm urges passengers to seek damages through group legal action overseas

SPG Law says customers have a case under new EU regulation, and seeks to claim up to £1,500 per person or possibly more based on individual cases

But local experts point out city residents can file individual lawsuits under data privacy ordinance

Reading Time:3 minutes

Hong Kong’s flag carrier Cathay Pacific Airways has come under fire for a massive data breach. Photo:

Karen Zhang,Elizabeth CheungandAlvin Lum

Published: 9:45pm, 27 Oct 2018Updated: 5:04pm, 28 Oct 2018

A British-based law firm is planning to seek compensation for Cathay Pacific Airways passengers through a collective legal action overseas following the carrier’s massive data leak, but Hong Kong lawyers have warned this may not be easy for local customers.

SPG Law said the breach by the city’s flag carrier, which affected 9.4 million customers, was “more serious” than British Airways’ data leak first announced in September. Some 430,000 payment card details had been disclosed, and the firm had launched a similar action for about 3,000 clients over that incident.

Cathay Pacific only revealed on Wednesday night that the personal details of affected passengers had been illegally accessed, months after the breach was detected in March and confirmed in early May.

Compromised data included names, passport numbers, ID numbers, travel history and credit card numbers.

“You have a right to compensation from Cathay Pacific for this data leak under Article 82 of the European Union General Data Protection Regulation (GDPR). You can be compensated for inconvenience, distress and annoyance associated with the data leak,” the firm said on its website.

It sought to claim up to £1,500 (HK$15,000) for each person and possibly more based on individual cases.