The British Airways website and mobile application have suffered a breach of customers' personal and financial data from around 380,000 card payments, the carrier's parent International Airlines Group said on Thursday.
BA says the breach relates to bookings made between 10.58pm on August 21 and 9.45pm on September 5.
BA advised anyone who believed they may have been affected to contact their bank or credit card provider and follow their recommendations. It had notified police and relevant authorities.
"The moment we found out that actual customer data had been compromised that's when we began an all-out immediate communication to our customers, that was the priority", Alex Cruz, BA's chief executive and chairman, told BBC radio. "We take very seriously the protection of our clients 'data" - are his words in the statement.
BA said it is in the process of contacting all affected customers.
In terms of compensation, BA said they would be in touch with customers "and will manage any claims on an individual basis".
Air Canada has said credit card data was encrypted and protected from a breach but Aeroplan numbers, passport numbers, birth dates, nationalities and countries of residence could have been accessed if users saved them in their account profile.
1-inch iPhone leaks in four colors, shows its dual SIM tray
It wouldn't be unreasonable to suggest a 512GB option might appear somewhere though, given Samsung introduced this on the Note 9 . As per Ming Chi Kuo, an Apple analyst, Apple will be sticking with the Face ID on the new iPhones as a security feature.
Customers' banking information was compromised, but no travel information.
Will I have to get a new card?
It was unclear how many people were affected.
He said hackers stole enough information to use bank cards to make purchases.
The incident comes after an IT meltdown caused huge disruption for BA passengers at the start of the May half-term holiday.
Consumer advice website MoneySavingExpert says customers should monitor bank and credit card statements closely for signs of possible fraudulent activity.