LONDON — Hackers obtained the credit card details of some 380,000 British Airways travellers during a two-week data breach this summer that leaves the customers vulnerable to financial fraud, the ******* says.

BA chief executive Alex Cruz said Friday that enough data was stolen to allow criminals to use credit card information for illicit purposes, and that ****** are investigating.

“We know that the information that has been stolen is name, address, email address, credit card information; that would be credit card number, expiration date and the three-letter code in the back of the credit card,” he told the BBC.

He added that no passport data had been obtained in what he called a “very sophisticated, malicious criminal ******,” but that British Airways is “100 per cent committed” to compensating customers.

The ******* serves four Canadian cities – Montreal, Toronto, Calgary and Vancouver – but a spokeswoman told The Canadian Press that the ******* isn’t breaking down the breach by country.

British Airways assured customers that it would reimburse them for ****** directly because of the breach but advised them to contact their credit card suppliers if they made a booking or change to their booking through BA’s website or mobile app between 22:58 BST on Aug. 21 (5.58 p.m. Eastern Time) and 21:45 BST (4.45 p.m. ET) on Sept. 5.

That time period overlapped a two-day period when ********** detected unusual login activity on its mobile app between Aug. 22 and Aug. 24. The ******* said last week that about 20,000 customers may have had personal information compromised before all 1.7 million accounts were locked down.

********** has said credit card data was encrypted and protected from a breach but Aeroplan numbers, passport numbers, birth dates, nationalities and countries of residence could have been accessed if users saved them in their account profile.

Consumer advice website MoneySavingExpert says customers should monitor bank and credit card statements closely for signs of possible fraudulent activity.

It also warns of possible “phishing scams” in which hackers would try to trick affected consumers into revealing personal information like pincodes or banking passwords.

Some angry travellers complained to *******’s Press Association that they had already noted bogus activity on credit cards that had been used to make British Airways bookings during the time when the breach was undetected.

The hack once again puts the spotlight on the strength of the IT systems at major companies as they expand their digital services.

British Airways experienced an IT-related ****** in May last year when roughly 75,000 passengers were ******** after the ******* cancelled more than 700 flights over three days because of system problems.

In the U.S., Delta Airlines said in April that payment-card information for several hundred thousand customers could have been exposed by a ******* breach months earlier. The same breach also hit Sears Holdings Corp., which operates Kmart stores.

British Airways revealed the new hack Thursday evening and began notifying customers.

“British Airways is communicating with affected customers and we advise any customers who believe they may have been affected by this ******** to contact their banks or credit card providers and follow their recommended advice,” the company said in its statement. The hack was not discovered until Sept. 5 and has now been resolved, officials said.

*******’s National ***** Agency says it is investigating.

Shares in BA’s parent company, IAG, were down 3 per cent on Friday.