British Airways will pay compensation to customers whose data was stolen in a "sophisticated" and "malicious" hacking attack, its boss said Friday.
The carrier had revealed overnight that the personal and financial details of customers making bookings on the BA website and mobile phone app between August 21 and September 5 had been stolen.
"We are 100 percent committed to compensate them," BA chief executive Alex Cruz told BBC radio.
"We will compensate them for any financial hardship that they may have suffered."
BA has launched an urgent investigation into the data breach which involved 380,000 bank cards. Cruz said the hack was the worst breach in the 20 years the company has had a website.
The stolen data comprised customer names, postal addresses, email addresses and credit card information.
The 15-day hack did not involve travel or passport details and the breach has now been fixed.
BA took out full-page adverts in the U.K. newspapers on Friday to apologize, while shares in parent group IAG slid three percent in early morning London deals.
"We're extremely sorry for what has happened," Cruz said Friday.
"There was a very sophisticated, malicious, criminal attack on our website."
He added that the company first became aware that something had happened on Wednesday evening.
"The moment we found out that actual customer data had been compromised, that's when we began an all out immediate communication to our customers. That was our priority."
Police and relevant authorities have meanwhile been notified.
The National Crime Agency said it was assessing the matter, while the Information Commissioner's Office added it would also be making inquiries.
Anyone who believes that they may have been affected is advised by BA to contact their bank or credit card provider and follow their recommendations.
The airline added that customers due to travel could check in online as normal.
IAG also owns Spanish carriers Iberia and Vueling, as well as Irish airline Aer Lingus.