British Airways says its website and app were compromised, allowing hackers to steal personal and financial details from at least 380,000 customers. It was not immediately known who was behind the breach.

The airline said on Thursday that its website and app were compromised from August 21 until 9:45 p.m. on Wednesday. People who made bookings during that time may have had their personal and financial details stolen.

“We are investigating, as a matter of urgency, the theft of customer data from our website and our mobile app,” the airline said in a brief statement. “The stolen data did not include travel or passport details.”

The data breach is believed to have affected at least 380,000 transactions.

“We are deeply sorry for the disruption that this criminal activity has caused. We take the protection of our customers’ data very seriously,” the airline said, adding that it will contact those affected.

Booking that were made during the affected period were not compromised, and the British Airways website was operating normally on Thursday. Customers who are due to travel are able to check-in online as usual.