BA is the latest major United Kingdom company to report such an attack - seemingly the largest since the owner of Currys PC World, Dixons Carphone, admitted in early summer that nine million of its customers had been hit by a data breach.
The data watchdog has said it would be making inquiries into the incident.
British Airways was forced to apologise on Friday after the credit card details of hundreds of thousands of its customers were stolen over a two-week period in the worst ever attack on its website and app.
Consumer advice website MoneySavingExpert says affected customers should first seek advice from their bank, then monitor bank and credit card statements closely for signs of possible fraudulent activity.
Some angry travelers complained to Britain's Press Association that they had already noted bogus activity on credit cards that had been used to make British Airways bookings during the time when the breach was undetected.
In a statement, the airline added: "We have notified the police and relevant authorities".
Cruz told the BBC's "Today" programme that the data breach was a "sophisticated, malicious criminal attack". The hack was not discovered until September 5 and has now been resolved, officials said.
Customers' banking information was compromised, but no travel information.
"Atrocious that I had to find out about this via news and twitter", he tweeted.
We take very seriously the safety of our customer data, "said Alex Cruz, president and executive director of the company". It is now vital that the company moves quickly to ensure those affected get clear information about what has happened and what steps they should take to protect themselves.
The airline's recent data breach follows a massive incident that saw round 10 million records containing personal data of Dixons Carphone customers accessed.