A massive online breach at British Airways left hundreds of thousands of customers with their bank data stolen.
The airline confirmed last night that 380,000 payment card details were “compromised” in the August peak.
BA is urgently investigating the customer data theft from the ba.com website and the airline’s mobile app.
Hackers targeted the carrier over more than two weeks with personal and financial details of customers making online bookings stolen.
However, BA insisted that the stolen data did not include travel or passport details.
Police and relevant authorities were called in once the breach was discovered on Wednesday evening.
The airline said: “British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice.”
The theft occurred between 10.58pm on August 21 and 9.45pm on September 5.
BA said it was investigating “as a matter of urgency”.
“The breach has been resolved and our website is working normally,” the airline added.
Affected customers were contacted last night and the airline took out full page adverts in today’s national newspapers to apologise for the breach.
BA chairman and chief executive Alex Cruz described the attack as “malicious”.
And he told BBC Breakfast this morning: “This was a very sophisticated criminal attack on ba.com”.
He added that the airline was convinced that the breach had been neutralised.
Cruz said earlier: “We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously.”
The airline said it would provide further updates “when appropriate”.
The National Crime Agency and National Cyber Security Centre confirmed they are assessing the incident.
The NCA said: “We are aware of a data breach affecting British Airways and are working with partners to assess the best course of action.”
Consumer group Which? said people concerned they could be at risk should consider changing their online passwords, monitor bank and other online accounts and be wary that fraudsters may refer to the breach in scam emails.
Alex Neill, Which? managing director of home products and services, said: “British Airways customers will be concerned to hear about this data breach.
“It is now vital that the company moves quickly to ensure those affected get clear information about what has happened and what steps they should take to protect themselves.
“Anyone concerned they could be at risk of fraud should consider changing their online passwords, monitor bank and other online accounts and be wary of emails regarding the breach as scammers may try and take advantage of it.”
The latest incident follows dozens of BA flights being cancelled at Heathrow due to IT issues in July and more than 2,000 passengers had tickets cancelled a month earlier because ey were too cheap.
An IT failure in over the late May bank holiday in 2017 forced BA to cancel all flights from Heathrow and Gatwick ruining the travel plans of thousands of passengers