British Airways says its website and app were compromised, allowing hackers to steal personal and financial details.
BA says it is contacting affected customers, and has taken out full page ads in several newspapers to apologise for the breach.
The nearly two-week long hack did not involve travel or passport details, the airline said, adding that it had launched an urgent investigation into the theft of customer data.
"We are 100 per cent committed to compensate them", BA chief executive Alex Cruz told BBC radio.
The airline said the data breach had been "resolved" and that all systems were working normally as of today.
Whilst is was not travel or passport details, it was personal and financial details that were compromised.
BA said the breach took place between 2158 GMT on Aug 21 and 2045 GMT on Sept 5 (5.58 am on Aug 22 and 4.45am on Sept 6, Singapore time).
It advised them to contact their bank or credit card provider and follow their recommended advice.
BA apologised for the error on flights to Tel Aviv and Dubai, but customers said they were angry their tickets were not being honoured. It immediately contacted customers when the extent of the breach became clear.
British Airways (BA) parent organisation International Airlines Group (IAG), which also owns Iberia, Vueling and Aer Lingus, generated just under €23bn of revenue, meaning regulatory fines are effectively capped at €919m.
Banks including NatWest and RBS attempted to reassure anxious BA customers that they have "significant" levels of security in place, although they advised account holders to be on the lookout for any suspicious activity.
"Atrocious that I had to find out about this via news and twitter", he tweeted.
Email addresses, customer names, home addresses and payment card information are among the information stolen.