BA said personal and financial information on around 380,000 customers, including payment card information, was “compromised”, affecting bookings made from 21 August and 5 September.
The hack occurred at the peak of the summer holiday season.
The airline said it had notified police about the theft, which didn’t affect travel or passport details.
BA said it had resolved the breach and had contacted the affected customers, as well as authorities including the police and the Information Commissioner’s Office (ICO).
“We are deeply sorry for the disruption that this criminal activity has caused,” said BA chairman and chief executive Alex Cruz. “We take the protection of our customers’ data very seriously.”
BA said customers who believe they may have been affected to contact their banks or credit card providers.
“The breach has been resolved and our website is working normally,” the airline said in a statement.
“British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice.”
BA has been affected by a other technology-related incidents in recent months, including a problem in July that caused the cancellation of dozens of flights in and out of Heathrow.
Short-haul flights were cancelled due to a problem involving a “supplier IT system”, BA said.
In May, more than 2,000 BA passengers’ tickets were cancelled due to an error that caused flights to Tel Aviv and Dubai to be sold for too low a price.
BA apologised for the error.
UK data protection watchdog, the ICO, says encryption provides protections for children, after government-backed campaign…