EasyJet Plc faces a lawsuit over a data breach disclosed last month that potentially exposed private details of 9 million passengers.

More than 10,000 people have joined the suit since it was filed last month, according to law firm PGMBM. Victims are entitled to as much as 2,000 pounds ($2,500) in compensation, meaning the case could be worth as much as 18 billion pounds.

EasyJet said last month that the email addresses and travel data of about 9 million customers were taken by hackers in one of the biggest privacy breaches to hit the airline industry. The credit card details of roughly 2,200 people was also accessed.

“This is a monumental data breach and a terrible failure of responsibility that has a serious impact on EasyJet’s customers, who are coming forward in their thousands,” Tom Goodhead, PGMBM’s managing partner, said in a statement. “This is personal information that we trust companies with, and customers should expect that every effort is made to protect their privacy.”

The lawsuit comes amid a backdrop of difficult economic times for all airlines as the coronavirus pandemic curtails travel. Earlier this month EasyJet — along with British Airways and Ryanair Holdings Plc — challenged the U.K. rules that forces international travelers to quarantine for 14 days after arriving in the country.

“We are aware that a class action law firm has filed a claim against EasyJet in the High Court and that other firms are advertising their services to do the same,” the company said in an emailed statement. “This is not uncommon and just because these firms are advertising does not mean they have a strong claim.”

The carrier said that after discussions with the U.K. data regulator it “notified approximately nine million additional customers out of an abundance of caution to alert them to the potentially heightened risk of phishing emails. There is no evidence that personal information of any nature, including credit card data, has been misused.”

The Financial Times reported on the lawsuit earlier.

The airline isn’t the only carrier to be beset by data issues. A year ago, British Airways, a unit of IAG SA, was told to expect a 183.4 million-pound U.K. fine over hacking incidents.

–With assistance from Stephanie Bodoni and Siddharth Philip.

Photograph: Ground staff prepare a passenger flight, operated by EasyJet Plc, at a gate at London Gatwick Airport in Crawley, U.K., on Monday, June 22, 2020. Photo credit: Jason Alden/Bloomberg.

Topics Lawsuits Cyber Aviation