Victims of a data breach in which millions of customers' private details were compromised are being urged to claim compensation as part of a class action lawsuit.
EasyJet wrote to customers this week to warn them against potential phishing attacks.
It comes after the budget airline revealed on Tuesday it had been the target of a cyber attack in which the personal data of 9 million customers was breached.
Information accessed relates to passengers' names, email addresses and travel details but not passport information.
In an email to customers, easyJet said: "Once again, we’re sorry that this attack has happened.
"We do take the safety and security of our customers’ information very seriously and will continue to take every action to protect it against any future attacks."
The airline notified the UK’s Information Commissioner’s Office (ICO) of the breach in January.
But it wasn't until four months later the airline notified its customers.
Law firm PGMBM said it had now issued a class action claim in the High Court of London on behalf of affected easyJet passengers.
It is urging all of those affected to come forward and join a claim to pursue compensation on the basis of "inconvenience, distress, annoyance and loss of control of their personal data".
The firm estimates a potential liability of £18 billion, which if awarded could result in £2,000 per impacted customer.
Tom Goodhead, PGMBM managing partner, said: “This is a monumental data breach and a terrible failure of responsibility that has a serious impact on easyJet’s customers.
"This is personal information that we trust companies with, and customers rightly expect that every effort is made to protect their privacy.
"Unfortunately, easyJet has leaked sensitive personal information of nine million customers from all around the world.”
All affected easyJet customers can join the claim at www.theeasyjetclaim.com. PGMBM says this will be on a "no-win, no-fee" basis.
easyJet was contacted for comment.