British Airways has confirmed a data breach.

The London-based airline, the largest in the UK, did not disclose much about the breach, only that hackers stole customer data from its website, ba.com.

In a statement, BA said that the “personal and financial details” of customers who made bookings on BA’s site or app between August 21 and September 5 were compromised, but travel or passport information was not taken.

A spokesperson told TechCrunch that “around 380,000 card payments” were compromised. BA had more than 45 million passengers last year.

“The breach has been resolved and our website is working normally,” the company said in a statement.

“British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this incident to contact their banks or credit card providers and follow their recommended advice,” said the statement.

Under the new European GDPR data protections laws, the airline can face fines of up to four percent of its global annual revenue.