British Airways said Thursday that the personal and financial details of customers making bookings between August 21 and September 5 were stolen in a data breach involving 380,000 payment cards.
“We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details,” the airline said in a statement.
“The personal and financial details of customers making bookings on our website and app were compromised,” it said.
“The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.
“We are deeply sorry for the disruption that this criminal activity has caused.”
BA said the breach took place between 2158 GMT on August 21 and 2045 GMT on September 5.
Around 380,000 payment cards were compromised.
BA advised anyone who believed they may have been affected to contact their bank or credit card provider and follow their recommendations.
As for compensation, BA said: “We will be contacting customers and will manage any claims on an individual basis.”
It said customers due to travel could check in online as normal as the incident had been resolved.