British Airways officials said they are investigating a data breach that potentially left thousands of customers vulnerable to identity and credit card theft.


The incident occurred between Aug. 21 and Sept. 1 through the British Airways’ website and mobile app.


According to a news release, the stolen data includes personal and financial details of customers securing bookings and other changes on the company website and mobile app. Personal information such as names, billing addresses, email addresses, and bank card details were exposed.


Travel and passport, however, were not included in the breach, according to British Airways. In addition, any information from customers using Apple Pay on the mobile app was not compromised.


If you feel that your information is at risk, here’s what you should do:


British Airways is urging all customers who made bookings or changes to their confirmations, on and the airline’s mobile app, between Aug. 21 and Sept. 5 to immediately contact their banks for advice.


The company is also warns customers to be aware of “phishing” scams, where individuals attempt to gather personal information by deception. The company said they will not be contacting any customers asking for payment card details and any such requests should be reported to the police.


A statement on the company’s website reads, “we understand that this incident will cause concern and inconvenience. We have contacted all affected customers to say sorry, and we will continue to update them in the coming days.”


British Airways announced on its website that the data breach has been reported to the authorities and the website is again working normally.


If you’re planning to call, customers can find the latest information on the company website due to the high call volumes at their contact centers.