BA says it is contacting affected customers, and has taken out full page ads in several newspapers to apologise for the breach.
The hack was ongoing for over two weeks, although BA have said the stolen data did not include travel or passport details, adding that an urgent investigation into the security breach has been launched.
"We are deeply sorry for the disruption that this criminal activity has caused", the airline said.
Consumer advice website MoneySavingExpert says affected customers should first seek advice from their bank, then monitor bank and credit card statements closely for signs of possible fraudulent activity.
Customers that used the airline's website and mobile application to make bookings between August 21 and September 5 are affected by the incident.
"The breach has been resolved and our website is working normally".
The recommendation does not apply to customers who bought tickets or changed reservations outside those times.
"Atrocious that I had to find out about this via news and twitter", he tweeted.
According to Reuters, the customer data, including personal and financial information involving 3,80,000 transactions, was stolen between August 21 and September 5.
Shares in British Airways owner IAG dropped more than 4% as the London market opened, wiping more than £500m off the airline group's market value.
If you have been struck by the data breach, it's advisable to contact your bank or credit card provider.
"We will continue to keep our customers updated with the very latest information", the airline said.
Meanwhile, BA customers expressed their frustration with the airline on social media.
The attack came 15 months after the carrier suffered a massive computer system failure at London's Heathrow airport, which stranded 75,000 customers over a holiday weekend.