380,000 individual credit card numbers were stolen from British Airways’ (BA’s) website and mobile app, The Guardian reports. The airline is urging affected customers to contact their banks and credit card providers.

The breach occurred between 22:58 BST on August 21 and 21:45 BST on September 5. The Guardian is calling it one of the ‘most serious’ data thefts to hit a UK company.

According to The Telegraph, customers were offered little to no notice of the theft. One customer from New York noticed strange charges on her account a few hours before BA announced the breach on Twitter. When she called customer service, she was told she would be refunded within 24 hours but given no further explanation.

BA joins Air Canada and Delta in the group of airlines affected by major data breaches in recent months. Last week, Air Canada confirmed that 20,000 people were affected in a mobile app data breach that disclosed names, emails and flight details. Air Canada initially claimed that under 100 bookings were affected. Back in April, Delta admitted to suffering two data breaches in September and October of the previous year.

Under new GDPR laws, BA could potentially face hefty fines if negligence is proven.

Get the full story at The Guardian.