British Airways is facing the largest ever group claim over a data breach in UK legal history following a 2018 incident.
The theft of data from the airline is thought to have exposed details of more than 400,000 customers.
More than 16,000 customers have now joined the case ahead of a March deadline to sign up to the action, according to PGMBM, the lead solicitors in the group litigation case.
The carrier has already faced a £20 million fine from the Information Commissioner’s Office, cut from the initial figure of £183 million.
Lawyers said victims could each be compensated up to £2,000, based on previous court rulings, leaving the flag-carrier facing a total bill of more than £800 million if every victim came forward.
“We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber-attack,” British Airways said.
“We do not recognise the damages figures put forward, and they have not appeared in the claims.”
The BA case is the first group lawsuit of its kind to be brought under sweeping GDPR data protection rules introduced in 2018.
Tom Goodhead, a partner at PGMBM, said the airline had presided over a “monumental failure”.
“We trust companies like British Airways with our personal information and they have a duty to all of their customers and the public at large to take every possible step to keep it safe,” he added.
Consumer rights organisation Which? argued making claims for compensation for data breaches should be made easier moving forward.
Kate Bevan, Which? Computing editor, said: “This was a really nasty data breach that left hundreds of thousands of British Airways customers exposed to possible financial and emotional harm.
“Which? is calling for consumers to have an easier route to redress when they suffer from data breaches.
“The government must allow for an opt-out collective redress regime which would mean that affected victims can be automatically included in similar representative actions.”