"From 22:58 BST August 21 2018 until 21:45 BST September 5 2018 inclusive, the personal and financial details of customers making bookings on our website and app were compromised," the airline revealed in a statement on its website.
According to BA, travel and passport information was not accessed during the data breach, but concerned customers are being advised to get in touch with their card issuers in the first instance. The company said all customers affected by the breach had been contacted on Thursday night.
"British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice."
The airline said it was informed of the hacking by a third party, which is why it was able to continue undetected for two weeks, but the company insists that the breach has been resolved and its website and mobile app are now working normally.