U.K. flag carrier British Airways is the latest victim of hacking, leaking payment details that included credit card data.

The details of how the hack took place have not been disclosed. The airline said only that it involved the theft of data from its website, ba.com, and the airline’s mobile app. The hack took place between 10:58 p.m. British Summer Time Aug. 21 and 9:45 p.m. BST Sept. 5.

The data stolen is said to include “personal and financial details of customers” including customer names, email addresses, home addresses and payment card information — but not travel or passport details. Around 380,000 records are believed to have been stolen.

“British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice,” the company said in a statement.

According to The Guardian, the data theft is one of the most serious to hit a U.K. company. It comes after the airline suffered a major information technology disaster last year when a power surge in its control center near Heathrow caused a global flight interruption and left tens of thousands of passengers stranded.

Tim Erlin, vice president of product management and strategy at Tripwire Inc., told SiliconANGLE that it’s unfortunate that payment card details appear to have been compromised. “That will increase the impact on consumers,” he said.

Referencing the European Union General Data Protection Regulation that took effect earlier this year, Erlin added that the hack may prove to be an important test of GDPR given that it has provisions to penalize hacked companies where they don’t make reasonable efforts to secure their data to begin with.

Photo: Marc-Antony Payne/Wikimedia Commons