A data breach affected bookings made on British Airways' website between Aug 21 and Sept 5, adding to the airline's slew of embarrassing technological mishaps.
Around 380,000 card payments were "compromised", said parent International Airlines Group (IAG).
Potentially hundreds of thousands of British Airways customers who made online bookings in recent weeks had their financial data stolen.
According to a Reuters report, IAG said the data breach had been resolved and the website was working normally. It added that no travel or passport details were stolen.
The airline is communicating with affected customers on the issue. It also advised any others who believed they might have been affected to contact their banks or credit card providers.
An investigation has been launched, and IAG has notified police and other relevant authorities.
British Airways had in May 2017 suffered a massive computer system failure caused by a power supply issue near London's Heathrow, leaving 75,000 customers stranded at the busiest airport over a holiday weekend.
Subsequently in July, the airline was forced to cancel and delay flights out of the same airport due to problems with a supplier's IT systems.