Commuters pass a British Airways advert on the tube at Canary Wharf station in London, Britain September 7, 2018.
Commuters pass a British Airways advert on the tube at Canary Wharf station in London, Britain September 7, 2018. Reuters/Kevin Coombs

British Airways is investigating a massive customer data breach from its website and mobile app. The airline suffered from a “very sophisticated, malicious criminal attack” for over two weeks from 10:58 p.m. on Aug. 21 until 9:45 on Sep. 5 (local time).

The UK’s flag carrier said the breach has been resolved and its website, ba.com, is now working normally. However, during the breach, the personal and financial details of its customers making bookings on both the website and its app were compromised. Around 380,000 card payments were hacked.

“We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously,” Alex Cruz, British Airways’ chairman and chief executive, said.

The airline said the hackers obtained names, street and email addresses, and credit card information. They did not obtain the users’ travel or passport details.

Cruz said the hackers had not broken into the company’s encryption. He did not explain, however, how they obtained customer information.

BA has already informed authorities of the breach. It also advised its customers to contact their bank or credit card provider if they made a booking or changed their booking during the aforementioned persiod. Anyone who lost out financially would be compensated by the airline, according to Cruz.

“No British Airways customer will be left out of pocket as a result of this criminal cyber attack on its website, ba.com, and the airline’s mobile app,” BA said in a statement.