British Airways has said that the personal and financial details of customers making bookings between 21 August and 5 September were stolen in a data breach involving 380,000 payment cards.
"We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app. The stolen data did not include travel or passport details," the airline said in a statement.
"The personal and financial details of customers making bookings on our website and app were compromised.
"The breach has been resolved and our website is working normally. We have notified the police and relevant authorities.
"We are deeply sorry for the disruption that this criminal activity has caused."
BA said the breach took place between 10.58pm on 21 August and 9.45pm on 5 September.
Around 380,000 payment cards were compromised.
BA advised anyone who believed they may have been affected to contact their bank or credit card provider and follow their recommendations.
As for compensation, BA said: "We will be contacting customers and will manage any claims on an individual basis."
It said customers due to travel could check in online as normal as the incident had been resolved.
The National Crime Agency said: "We are aware of reports of a data breach affecting British Airways and are working with partners to assess the best course of action."
BA is owned by IAG, which also owns Aer Lingus.
