The airline this week confirmed that from August 21 until September 5, "the personal and financial details of customers making or changing bookings on our website and app were compromised".
While the data didn't include travel or passport details, around 380,000 card payments had been compromised, it said.
In July, almost 7,000 passengers had their flights to or from Heathrow cancelled after a failure of an IT system provided to BA by Amadeus, a Spanish IT provider for global travel industry.
Yet another technical meltdown is plaguing British Airways.
BA said it is co-operating with all the relevant regulators following the data breach. "I cancelled my card as soon as I heard about the breach".
The British Airways breach could potentially be the first major test for the European Union's General Data Protection Regulation (GDPR), which went into effect on May 25.
"Nevertheless, we encourage clients to immediately contact us should they notice any unusual or unauthorized activity on their accounts and credit cards", spokesman Jeff Lanthier wrote in an email. The attack comes only 15 months after BA was hit by a massive computer system failure at London's Heathrow and Gatwick airports.
The British Information Commissioner's Office is investigating the breach and could fine the airline. Last year's May bank holiday meltdown was due to a power outage - the intrepid work of some contractor, who switched everything off and then blew out the IT system turning it on again.
As Cruise reports, Cruz has reported compensation to those customers who have been financially damaging, and has made it clear that "charging" was not a violation of the company's encrypted information.