Furious British Airways customers have been left having to cancel their credit cards after a 15-day data breach compromised around 380,000 card payments.

The airline admitted "criminal activity" had compromised the personal and financial details of customers who made bookings on its website or app from just before 11pm on August 21 until 9.45pm on Wednesday.

It is thought the number of payments compromised could be up to 400,000 and BA confirmed Friday morning hackers had obtained names, addresses, credit card numbers, expiry dates and the three-digit security codes on the backs of cards - plenty to make a fraudulent payment.

Alex Cruz, BA's chairman, revealed the hackers were "very sophisticated criminals" who had not hacked the company's encrypted data, but rather gained "illicit access" to the airline's system.

This meant the breach went unnoticed for more than two weeks and now customers are scrambling to cancel their cards once the airline became aware of the breach on September 5.

Daniel Willis, 34, from Milton Keynes who booked a flight on Monday with the airline, said: "I saw the tweet, that was the first I knew of it. This is my first involvement with BA since they left me stranded with my wife and 2-year-old daughter for a few days in Düsseldorf in December - again with no communication.