British Airways has notified the police after the theft of customer data from its website and mobile app.
The airline said the personal and financial details of customers who made bookings on its website or app from 10.58pm local time on August 21 until 9.45pm on September 5 had been compromised.
Around 380,000 payment cards were compromised.
BA said the stolen data did not include travel or passport details, adding that it was investigating the security breach as a matter of urgency.
The company said the breach had been resolved and the website was now working normally.
"We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers' data very seriously," British Airways' chairman and chief executive Alex Cruz said.
The company said it is communicating with affected customers and advised anyone who believed they may have been affected to contact their banks or credit card providers.
"We are aware of reports of a data breach affecting British Airways and are working with partners to assess the best course of action," the UK National Crime Agency said.
In June, British electronics retailer Dixons Carphone was hit by a massive data breach, with inital figures stating attackers accessed 5.9 million customer payment-card details and a further 1.2 million records containing personal information.
It was later revealed that 10 million customers had their personal details accessed.
That same month, Akamai researchers found nearly 40 percent of traffic on hotel and travel sites was deemed to be "impersonators of known browsers".
Analysis of malicious login attempts by country against the hotel and travel industry by researchers at Akamai found that between November 2017 and March 2018, 650 million attacks came from Russia and 625 million came from China.
"By their nature, companies in the hospitality sector often hosts a lot of personal information," Bernd Konig, director of security products at Akamai Technologies, told ZDNet at the time.
"For example, hotels have everything from guest credit card data through to identity documentation that guests might be required under local laws to provide at check in. This is exactly the kind of personal and payment data that would be considered valuable to hackers".
Meanwhile in America, a site for booking European train tickets, Rail Europe, revealed a three-month long data breach of payment information in May.
The company said hackers put credit card-skimming malware on its website between late-November 2017 and mid-February 2018, and the attackers made off with a trove of data including credit card numbers, expiration dates, card verification codes, usernames, passwords, name, gender, physical and email addresses, and phone numbers.
Some 500 million pieces of customer data is believed to have been compromised, including that of 150 million accounts currently on sale in the dark web for 8 Bitcoins.
UK could use cyber attacks to disrupt Russian spy networks.
Proof-of-concept code detailing related exploits has been released to the public.
Strong security controls will protect your organization, but they may also hinder or annoy users. Here's how to walk the line between security and user accessibility.
CTIA Cybersecurity Certification Program is the first to partner with nationwide wireless providers to improve the security of cellular-connected IoT devices.