It is still unclear how hackers gained access to the airline's system to steal customer data, including full names, credit card numbers, expiration dates and three digit security codes.
Customers discovered the incident via fraudulent charges before the company was aware, and then incident went public on Twitter.
Furious British Airways customers have been left having to cancel their credit cards after a 15-day data breach compromised around 380,000 card payments. The airline admitted "criminal activity" had compromised the personal and financial details of customers who made bookings on its website or app from just before 11pm on August 21 until 9.45pm on Wednesday. The number of payments compromised could be up to 400,000 and BA confirmed Friday morning hackers had obtained names, addresses, credit card numbers, expiry dates and the three-digit security codes on the backs of cards - plenty to make a fraudulent payment. Alex Cruz, BA's chairman, revealed the hackers were "very sophisticated criminals" who had not hacked the company's encrypted data, but rather gained "illicit access" to the airline's system. This meant the breach went unnoticed for over two weeks.