British Airways is facing a potential £800 million lawsuit over a data breach in 2018 when details of more than 400,000 customers were compromised.

More than 16,000 customers have already signed up to join the lawsuit ahead of a March deadline, according to law firm PGMBM, which is leading the legal action.

It says that based on previous court rulings, each victim could be awarded up to £2,000 each. If every customer put in a claim, this means BA could be forced to pay out more than £800 million.

According to the Financial Times, BA has filed a letter with the court indicating it is prepared to settle claims.

But a BA spokesman said: “We continue to vigorously defend the litigation in respect of the claims brought arising out of the 2018 cyber attack.

“We do not recognise the damages figures put forward, and they have not appeared in the claims.”

The airline has already been fined £20 million by the Information Commissioner’s Office (ICO), a figure significantly reduced due to the impact of Covid-19 on the aviation sector but still the biggest ever imposed by the ICO.

In the data breach, passengers’ names, debit and credit card numbers, addresses, email addresses and CVV numbers were accessed.

Usernames and passwords of BA employee and administrator accounts, as well as usernames and PINs of up to 612 BA Executive Club accounts, were also potentially accessed in the attack.