An £18 billion group class action lawsuit has been filed against UK budget airline EasyJet by customers impacted by a recently-disclosed data breach.

The lawsuit has been filed under the Data Protection Act 2018, and PGMBM, a law firm which has issued a class-action claim, is claiming up to £2,000 per affected customer, taking the total claim to £18 billion.

"EasyJet announced on the 19th May 2020 that sensitive personal data of 9 million travellers had been exposed in a data breach. Despite notifying the UK’s Information Commissioner’s Office of the breach in January 2020, EasyJet waited four months to notify its customers," the firm said.

"The sensitive personal data leaked includes full names, email addresses and most disturbingly of all, travel data including departure dates, arrival dates and booking dates. In particular, the exposure of details of individuals’ personal travel patterns may pose security risks to individuals and is a gross invasion of privacy.”

Earlier this month EasyJet revealed that the personal data of nine million customers leaked online due to a “highly sophisticated cyber-attack.”

At the time, the company said 2,208 credit card details were accessed by hackers, though the company insists that passport details of customers were not compromised.

However, in email informing customers about the breach the company admitted that the hackers also got access to their entire itineraries, including “where you were travelling from and to, your departure date, booking reference number, the booking date and the value of the booking.”