British Airways announced that the company's website and mobile app have been affected by a data leak over a time period of over two weeks.
Between 21.08. and 05.09. 2018, the data of people who booked flights on the website "ba.com" or through the mobile app was stolen. According to the airline, it was "personal and financial details" of the customers, but no "pass or travel data".
Meanwhile, the security breach was closed and the website works normally again. The airline is in contact with the affected passengers. Consumers are advised to contact their bank or credit card company and follow their recommendations. The police and relevant authorities have been notified.
You can find the statement of British Airways on the company website.
According to the European General Data Protection Regulation (GDPR), companies have to report security breaches like hacks to the relevant authorities as well as to possibly affected customers.