British Airways has been forced to open an investigation into how its website was hacked, following the theft of personal and financial details originating from almost 400,000 payment card transactions.

As shares in its owner International Airlines Group fell by almost 5% earlier this month, the airline issued an apology and advised any customers whose accounts may have been affected to contact their banks.

For the 16 days it took for British Airways to detect the breach, hundreds of thousands of its passengers were taking to the skies, all blissfully unaware that their home addresses, credit card numbers and contact details had been stolen. Upon discovering the attack, the airline confirmed it was in the process of contacting those who are affected but faced an immediate backlash from customers on social media.

The breach saw around 380,0000 have their personal and financial details compromised. The hack happened between 10:58pm on 21st August and 9:45pm on 5th September. Customers that were affected all booked flights via BA’s website or through its mobile app.

Police and the national crime agency were also looking into the hack which the airline says has now been resolved.

Chairman and Chief Executive of British Airways, Alex Cruz told Sky News: “Each of our lives is becoming more online every year and the responsibility of companies like us is to make sure that we create a safe environment where your data is treated with integrity and it’s safe and that’s what BA has been doing. More than 20 years ago, BA started and over this period of time we haven’t had any breaches. We’re absolutely committed to making sure this doesn’t happen again.”

Major breaches of this kind always remind us of the huge potential for reputational damage by companies that fall victim to cyber criminals and the timing of this attack was unfortunate in that it came just months after a major IT failure left 75,000 BA passengers stranded.

British Airways has stressed the stolen data does not include passport details but, despite its apologies and reassurances, compensation claims could soon be on the cards for the firm in this latest security breach to hit a major British business.