British Airways says it is investigating “as a matter of urgency” the theft of customer data from its website and mobile app.
The airline said personal and financial details of customers making bookings had been compromised.
About 380,000 transactions were affected, but the stolen data did not include travel or passport details.
BA said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September.
“The breach has been resolved and our website is working normally,” BA said in a statement
“We have notified the police and relevant authorities. We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
BA said anyone who believed they might have been affected should contact their bank or credit card provider and follow their recommendations.
This is not the first customer relations problem to affect the airline in recent times.
In July, BA apologised after IT issues caused dozens of flights in and out of Heathrow Airport to be cancelled.
A number of short-haul flights were cancelled after an incident involving a “supplier IT system”.
The month before, more than 2,000 BA passengers had their tickets cancelled because the prices were too cheap.
BA apologised for the error on flights to Tel Aviv and Dubai, but customers said they were angry their tickets were not being honoured.
And in May 2017, serious problems with British Airways’ IT systems led to thousands of passengers having their plans disrupted, after all flights from Heathrow and Gatwick were cancelled.
