Financial and personal data has been stolen from potentially hundreds of thousands of British Airways customers who booked online in recent weeks, extending a run of embarrassing technological mishaps suffered by the UK flag carrier.
The thefts occurred during a data breach that affected bookings made on the airline's website and app between August 21 and September 5, parent International Airlines Group said on Thursday.
Around 380 000 card payments were "compromised", it said.
BA chairman and chief executive, Alex Cruz, said the carrier was "deeply sorry" for the disruption caused by the criminal activity.
"We take the protection of our customers' data very seriously," he said.
The airline also apologised to its customers in a full-page ad in British newspaper Metro on Friday.
In May 2017, the carrier suffered a massive computer system failure caused by a power supply issue near London's Heathrow, which stranded 75,000 customers at Europe's busiest airport over a holiday weekend.
Its chief executive said at the time it would take steps to ensure such an incident never happened again, but in July it was forced to cancel and delay flights out of the same airport due to problems with a supplier's IT systems.
IAG said the data breach had been resolved and the website was working normally, and that no travel or passport details were stolen.
It was communicating with affected customers but advised any others who believed they might have been affected to contact their banks or credit card providers.
The airline had launched an investigation and notified police and other relevant authorities.