British Airways is investigating the theft of customer data from its website and app over a two-week period and has urged customers affected to contact their banks or credit card providers.

The airline said around 380,000 payment cards had been compromised and it had notified the police.

In a statement it said: “The stolen data did not include travel or passport details. From 22.58 BST August 21 2018 until 21.45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on ba.com and the airline’s app were compromised. The breach has been resolved and our website is working normally.

“We have notified the police and relevant authorities.”

“We discovered that something had happened but we didn’t know what it was [on Wednesday evening]. So overnight, teams were trying to figure out the extent of the attack.

“The first thing was to find out if it was something serious and who it affected or not. The moment that actual customer data had been compromised, that’s when we began immediate communication to our customers.”

BA said all customers affected by the breach had been contacted on Thursday night. The breach only affects people who bought tickets during the timeframe provided by BA, and not on other occasions.

Mr Cruz added: “At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data.”

BA could also potentially face swingeing fines should it be found negligent, under new general data protection regulations. The rules now in force could see a drastic escalation in the penalties slapped on firms for past data breaches, with fines levied at a maximum of 4% of global revenues – which in BA’s case spells an upper limit of £500m.

Source: British Airways