British Airways said that the personal and financial details of customers making bookings between August 21 and September 5 had been stolen in a data breach involving 380,000 bank cards.
The almost two week long hack did not involve travel or passport details, the airline said, adding that it had launched an urgent investigation into the theft of customer data.
“The personal and financial details of customers making bookings on our website and app were compromised,” it said. “The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.”
BA said the breach took place between 2158 GMT on August 21 and 2045 GMT on September 5 and that around 380,000 payment cards were compromised.
BA advised anyone who believed they may have been affected to contact their bank or credit card provider and follow their recommendations.
In terms of compensation, BA said they would be in touch with customers “and will manage any claims on an individual basis.”