British Airways reportedly faces the largest privacy class-action lawsuit in UK history over its 2018 customer data breach.
More than 16,000 victims have joined a case seeking potential £800 million in compensation from the airline.
Each of the 420,000 customers and staff whose information was leaked in the cyber attack could claim £2,000 each, according to London-based PGMBM, the law firm representing the claimants.
Partner Tom Goodhead said: “We trust companies like British Airways with our personal information and they have a duty to all of their customers and the public at large to take every possible step to keep it safe.
“In this instance, they presided over a monumental failure.”
A BA spokesperson said: “We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyberattack.
“We do not recognise the damages figures put forward and they have not appeared in the claims.”
IAG-owned BA revealed in September 2018 that a violation of its security systems compromised the personal and financial details of more than 400,000 customers.
The carrier was fined £20 million by the UK data protection watchdog last year.
The suit was filed in 2018, with a March 2021 deadline for more victims to join.
Consumer action law firm Your Lawyers made the calculation based on almost 500,000 affected customers each potentially receiving an average of £6,000.
Kate Bevan, computing editor at consumer group Which?, said: “This was a really nasty data breach that left hundreds of thousands of British Airways customers exposed to possible financial and emotional harm.
“Which? is calling for consumers to have an easier route to redress when they suffer from data breaches.
“The government must allow for an opt-out collective redress regime which would mean that affected victims can be automatically included in similar representative actions.”