British Airways's boss has apologised for what he says was a sophisticated breach of the firm's security systems, and has promised compensation.
Alex Cruz told the BBC that hackers carried out a "sophisticated, malicious criminal attack" on its website.
The airline said personal and financial details of customers making or changing bookings had been compromised.
About 380,000 transactions were affected, but the stolen data did not include travel or passport details.
"We are 100 percent committed to compensate them, period," Mr Cruz told the BBC's Today programme.
"We are committed to working with any customer who may have been financially affected by this attack, and we will compensate them for any financial hardship that they may have suffered."
BA said the breach took place between 22:58 BST on 21 August and 21:45 BST on 5 September. Shares in BA parent group IAG closed 1.4 percent lower on Friday.
Mr Cruz also told the Today programme: "We're extremely sorry. I know that it is causing concern to some of our customers, particularly those customers that made transactions over BA.com and app.
"We discovered that something had happened but we didn't know what it was [on Wednesday evening]. So overnight, teams were trying to figure out the extent of the attack.
"The first thing was to find out if it was something serious and who it affected or not. The moment that actual customer data had been compromised, that's when we began immediate communication to our customers."
BA said all customers affected by the breach had been contacted on Thursday night. The breach only affects people who bought tickets during the timeframe provided by BA, and not on other occasions.
Mr Cruz added: "At the moment, our number one purpose is contacting those customers that made those transactions to make sure they contact their credit card bank providers so they can follow their instructions on how to manage that breach of data."
The airline has taken out adverts apologising for the breach in Friday's newspapers.